Question:
How to stop spam FROM my domain name?
nute
2007-06-11 10:08:22 UTC
I have my own domain name with a "catch-all". Within the last few hours, I received about 1 000 "auto-reply" messages from all kinds of people, saying that Spam has been sent from my domain name.
Four answers:
piquet
2007-06-11 10:11:20 UTC
if you DON'T actually run an email server in your domain, there's nothing you can do - spammers will often send the emails from insecure email servers but use a fake 'from' address in their emails to cover their tracks. it's really easy to do, and because it doesn't require any access to anything to do with you there's nothing you can do to stop it.



if you DO run an email server, you'll need to check the setup to make sure it doesn't just relay any messages without checking who's sending them first - this is known as an 'open relay' and is a spammer's dream.



only authenticated users should be able to use your email server, rather than anyone in the world.
anonymous
2007-06-11 15:14:47 UTC
I'm surprised that to this point no one has suggested that you test to see whether you are really sending spam...



Check whether you are an SMTP Open Relay (Spammers are sending mail through your mail server because you're mis-configured). One simple test is by simply entering your Domain name into the following free tool...



http://www.dnsreport.com



Also, inspect your mailserver records to know whether you or any of your machines might have been sending an unexpectedly large amount of mail recently (sounds like at least hundreds more than expected).



Do a virus check on your mailserver.



If you don't manage your own mailserver, ask for some co-operation from whoever is managing your mail on your behalf.



If you have done all that, it's unfortunate but true that spammers can be impersonating your domain. If you can obtain the original (not autoresponder) spam message(s) you can look at the hidden mail headers to suggest the original source and path of the message (although that information can also be forged, but usually isn't).



Good Luck...
anonymous
2007-06-11 10:13:31 UTC
Not a lot you can do, as someone is "spoofing" your domain.

If you look at some of the replies you could forward them to your web host and ask them to confirm if they did come through their servers, and if so ask their help, if not, it's just a fact of online life.

Also I'd turn off the catch all as most of these emails will be randomchars@yourdomain.whatever
UnP0ssible
2007-06-11 10:39:37 UTC
Coming back online to over 15,000 emails puzzled me, slightly.



“I get a lot of spam, but this seems awfully high”



I downloaded the first 500 or so emails and noticed all the emails have something in common: they’re all bounces. This had happened to me a few years ago with another of my domains.



I should have learned not to have a catch all account!!



Seems like my domain (therockstargame.com) has made it on to a spammer’s list and god knows how much spam has been sent with somethingrandom@therockstargame.com set as the ‘FROM’ email address. 15,000 emails bounced but I have no idea or way of finding out how many emails were sent.



I’m going to now search the emails on the server for “delivery-status” (most bounces will mention this in the email header), and then for words like “failure”, “undeliverable”, “undelivered”, “returned mail”.



Most of the emails bouncing back had the topic “Windows Vista Business ready to download” and a lot of email addresses that have been abandoned and left to collect spam are bouncing “inbox full” messages back.







Update: From 14,654 emails I got it down to 350, which isn’t so bad. Only 11 of those emails were genuine, however. GRR



4 Responses to “Spam Being Sent From My Domain Name (Spoofing)”

Webomatica Feb 12th, 2007 at 6:27 pm

Man… that’s rough. 15,000 is a mind boggling amount. I seem to think my email client would explode….



Zeeshan Muhammad Feb 16th, 2007 at 1:32 am

This type of spam is common and is often used by spammers to send bulk messages which do not require users to respond to the email via the ‘Reply’ button, and servers which reject the mail can inform the ‘sender’ of this mail of any failures to deliver the mail.



In your case, spammers opted to select your domain name (probably an automated selection) and either set the ‘From:’ or ‘Reply-to:’ mail header to a random email address at your domain name.



The bounces you are seeing are a result of email servers which had spam sent to them which, for one or other reason, failed to deliver the mail to the intended user and in return re-delivered the spam in the shape of a bounce message to the email address they were told was the sender of this mail.



This bounce mechanism is commonly a fault of the administrator who set up the SMTP server(s) which accepted the spam mail in the first place and later their SMTP server setup detected that it was unable to deliver the mail. Often it is best practise to reject mail in the SMTP session if it cannot be delivered (instead of accepting it and then later rejecting it, after the spammer’s drone/‘email client’ has disconnected and left the SMTP conversation).



With that explanation in mind, I recommend you select to inform these SMTP servers which email servers distribute emails for your domains by making use of Sender Policy Framework (SPF) and DomainKeys (DK).



SPF allows SMTP servers which have had SPF support enabled to validate if the email client or another SMTP server (‘MTAs’ in this case) are allowed to deliver the email based on the details stored for the domain name stated in the ‘Reply-to:’ header of the email. DK allows you to ‘sign’ all of your emails allowing SMTP servers which receive your email or emails which claim to be from your domain to validate the email’s message integrity.



By using SPF and DK, you give email server administrators a chance to reject emails from malicious third parties who try to ‘spoof’ the ‘Reply-to:’ header or claim an email is signed by your servers; this would dramatically lower the chance of bounces being sent to you accidentally.



Note that the above recommended solutions require you to add DNS TXT entries to your domains and also modify the way that emails are managed and delivered to other servers (if you opt for DK (you will need to sign your outgoing mail)).



I would, at minimum, set up an SPF TXT entry for your domains to:



v=spf1 a:mail.therockstargame.com -all



This will inform that only one server (the IP or IPs which ‘mail.therockstargame.com’ resolves to) can deliver mail claiming to be from the above domains, so if a third party tried to deliver an email from mail.example.com, your SPF records would cause receiving servers to notice something is odd.



You may find more information about SPF and DK via Wikipedia and Yahoo’s homepage on DK and more information about email ‘spoofing’ that can lead to the wrong party receiving bounces by querying for articles on ‘email Joe job’.



Hope this helps



Sam May 4th, 2007 at 8:01 pm

I’ve been checking some of the comments in this whole site,

But in none of the comments are any solution to any issues.



***Spam Being Sent From My Domain Name (Spoofing)



This happens when you have the auto error reply email… what I mean is… for example, if your email address is mail@domain.com and this option is enabled, what is going on here is that whenever the spammer sends the spam he/she will send it like anything => blabla@yourdomain.com then after that the spam will look like it is coming from your own domain as a spoof, do you get it? Just turn that option off and that's it.



Sorry for my bad english



Sam May 5th, 2007 at 1:22 am

Sorry, what I meant was, if you got the mail error trap ON

You will have to deal with this situation all the time,

Just try to turn that option off and the problem is over.



Well, not over at all, i forgot that SPAM is never over



I am saying this because that used to happen to me at my domain.

so if you still have this problem, i wish you luck.
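
The bounce search described in UnP0ssible's post (look for "delivery-status" in the headers, then for subject words such as "failure" or "returned mail"), as an added example that is not part of the original thread. The function names and the three sample messages are constructed for illustration.

```python
from collections import Counter
from email import message_from_string

# Subject words the post lists for bounces that are not proper DSNs.
KEYWORDS = ("failure", "undeliverable", "undelivered", "returned mail")


def classify(raw):
    """Return 'dsn', 'keyword-bounce' or 'other' for one raw message."""
    msg = message_from_string(raw)
    # An RFC 3464 delivery status notification is a multipart/report
    # whose report-type parameter is delivery-status.
    report_type = str(msg.get_param("report-type", "")).lower()
    if msg.get_content_type() == "multipart/report" and report_type == "delivery-status":
        return "dsn"
    subject = str(msg.get("Subject", "")).lower()
    if any(word in subject for word in KEYWORDS):
        return "keyword-bounce"
    return "other"


def triage(messages):
    """Count messages per class so bounces can be filed away in bulk."""
    return Counter(classify(raw) for raw in messages)


# Constructed sample messages (not taken from the post).
SAMPLES = [
    "From: MAILER-DAEMON@mx.example.net\n"
    "To: abc123@therockstargame.com\n"
    "Subject: Delivery Status Notification\n"
    'Content-Type: multipart/report; report-type=delivery-status; boundary="b"\n'
    "\n--b\nContent-Type: text/plain\n\nMailbox full\n--b--\n",
    "From: postmaster@example.org\n"
    "Subject: Returned mail: see transcript for details\n\nUser unknown\n",
    "From: friend@example.com\nSubject: Lunch on Friday?\n\nSee you then.\n",
]

if __name__ == "__main__":
    print(triage(SAMPLES))
```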


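How a receiving server would evaluate the SPF record suggested in Zeeshan Muhammad's comment, as an added example that is not part of the original thread. It covers only the a, ip4, ip6 and all mechanisms; the function name, the DNS table and every IP address are constructed so that it runs offline.

```python
import ipaddress

RECORD = "v=spf1 a:mail.therockstargame.com -all"  # record from the comment
# Constructed stand-in for DNS A lookups so the example runs offline;
# 192.0.2.25 is a documentation address, not the real host's IP.
FAKE_DNS = {"mail.therockstargame.com": ["192.0.2.25"]}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(client_ip, sender_domain, record=RECORD, dns=FAKE_DNS):
    """Evaluate the a, ip4, ip6 and all mechanisms for one connecting IP.

    sender_domain is the domain of the SMTP envelope sender (MAIL FROM).
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF policy published
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            nets = [ipaddress.ip_network(arg, strict=False)]
        elif name == "a" or name.startswith("a/"):
            # "a", "a/24", "a:host" and "a:host/24" are all valid forms.
            host, _, prefix = (arg or sender_domain + name[1:]).partition("/")
            nets = [ipaddress.ip_network(f"{addr}/{prefix}" if prefix else addr,
                                         strict=False)
                    for addr in dns.get(host.lower(), [])]
        else:
            return "permerror"  # mechanism outside this example's subset
        if any(ip in net for net in nets):
            return RESULTS[qualifier]
    return "neutral"  # nothing matched and there was no "all"


if __name__ == "__main__":
    for source in ("192.0.2.25", "203.0.113.7"):
        print(source, spf_check(source, "therockstargame.com"))
```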
This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.