Helping people with computers... one answer at a time.
The problem is that the from address on an email is incredibly easy to spoof. Fortunately, that spam has nothing to do with your servers.
We have our own domain name purchased from GoDaddy and as such, it has an email associated with it. For now, we're not using the email part of it, just the URL for our website and have the email at our domainname.com forwarded to a real email address. Recently, I've been getting returned emails stating "could not send in "x" minutes, etc." and even a few replies from real email addresses, saying that our email to them has been marked as spam. So somehow, someone has gotten a hold of our domain name and is using it to send spam like some firstname.lastname@example.org for things like Viagra (oh joy). I'm afraid that when we do go to use our email address, it will have been labeled by servers everywhere as spam. What can we do?
In this excerpt from Answercast #58, I look at how spammers use domain names to send out spam and the impact that it may have on your email.
Nothing! So here is the thing: nobody has actually taken your domain. Someone has not gotten a hold of your domain.
The problem is that the from address on an email is incredibly easy to spoof. I could send an email that looks like it came from just about any email address on any email domain that I might want it to. I don't need the domain; I don't need access to the domain; I don't need anything related to the domain to make this email look like it came from that domain. And that's what spammers do.
They do that for a couple of different reasons:
One is to trick people into thinking that the email is from a legitimate source and therefore, open it and act on it.
And they do that to cover their tracks. Obviously, by sending a fake from address, they're hiding where the email actually originated.
Now, how does this impact you down the line when you finally start using your email addresses on your domain?
Well, the good news is since they're not using your server at all (remember they're not using anything associated with your domain), they're not using your server so your server's reputation (the server that you might eventually use to send email) is not taking a hit for this.
The server is doing whatever your email server does. The spam is coming from some completely unrelated server (or perhaps a botnet or who knows where else), but it's not coming from anything that would eventually be associated with you.
Second, this type of from spoofing is so incredibly common that in reality, it just doesn't really count that much of a black mark for the email addresses that might appear in the from address.
And finally, you know they're making up the email addresses, right? They're using random characters at "yourdomain.com." When you end up using your email addresses on yourdomain.com, they'll probably not be random characters. They will probably be things like your names, your email names, your division names, whatever you would normally use as an email address.
I might use "Leo" at the domainname.com and so forth. Those are definitely not random. Those are things that were probably not used by the spammers to create fake email from lines. And, like I said, even if they were, this is so common that most spam authorities just know not to attribute too much either positive or negative to the from address on spam.
Ultimately, in your shoes... well, I am in your shoes all the time. I own something like 70 or 80 domains and I'm sure that spam is being sent out from those domains, even though that spam has nothing to do with my servers.
I basically ignore it, and when I get around to using my domain for email,
as I do for some of them, it really hasn't been an issue so I wouldn't really
worry about it.
Next from Answercast 58 - How can someone create a fake account in my daughter's name?
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.