Somebody is sending spam with my domain name in it!

By , April 22, 2010

Sooner or later, this happens to almost everybody: you own a domain name and suddenly you start getting weird email bounce messages and you realize the unthinkable: somebody has sent out an email spam with your domain in the message “From” headers! What to do?

First step is to relax. this happens all the time, and unfortunately it is now your turn. Spammers use randomly selected domains in their From headers or sometimes deliberately target a victim domain (called a “joe job”). Keep a couple things in mind:

  • The smtp (Simple Mail Transfer Protocol) the way it was designed (as described in RFC 822 is inherently insecure. The upshot is that anybody can put any arbitrary address in an email message envelope’s “From” header and the mailer system will just take it. You can easily send email with president@whitehouse.gov in the header and that’s how it will show up in the recipient’s mail reader.
  • All clueful spam reporting services, systems and networks simply ignore what is in the “From” header for this very reason. As a rule, all spam forges the “From” header, and most viruses either forge it, or use random addresses from the address book they are infecting. There are other methods for detecting the true origin of a spam, and the better systems use them.

What you can do

You may want to create a filter in your mail reader to get rid of all those bounce messages and a form email response to send out to any complaints you may get. In that response simply point out that your domain’s From address was forged in the spam and you had nothing to do with it’s transmission.

Publish SPF Data: SPF (Sender Policy Framework) is a method where you publicize which mail systems are authorized to send/originate legitimate email from your domain. Any mail servers that are SPF-aware can then filter or tag the forged spam containing your domain name.

Even for servers not enabled to parse SPF data, you can still use the fact that you have published SPF data on your domain to backup your claim that the spam containing your domain was faked.

For more informatin on SPF see:

Leave a Reply