Friday, 24th May 2013
Spam and Forged Emails
Spamming is the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.
In addition, Spammers can use your domain name to disguise their spam. This type of abuse happens frequently to many domain name owners, since spammers rarely use their own domain names in SPAM and viruses select addresses randomly from other people's address books.
There are a couple of things we advise which may help though in reducing the amount of returned messages you receive as a result of this SPAM being sent with your email address as the forged FROM address -
We recommned that you do not reply to any of these emails. Most of these emails will autogenerated. As for angry reciepnts of the forged email, its best that they get advice from their IT people (who should be able to tell that the email was forged and not from you). Engaging in correspondence to angry recipients may get you in a debate on an issue that is not in your control.
Although this type of activity can be extremely annoying you do not need to worry about being blacklisted by the anti-SPAM databases. None of the major anti-SPAM databases block a server based on the FROM address of the SPAM message as they are well aware that the FROM address can be forged and that it is a common tactic used by spammers.
The next set of tips require knowledge of domain name mangement. We would not recommend an average user to continue - but suggest you to ask your domain manager or webdesigner to carry out the following.
SPF validation (Sender Policy Framework) helps to prevent other users from forging the "From" field with your email address if they are not from your domain. Its a mechanism to allow the email recipient mail server to verify that the server sending the email is authorized to do so.
If you are a Google app user, and you have a website that sends out messages on your behalf, use a TXT DNS record like...
Where 111.222.333.444 is the ip of your website email. The _spf.google.com field is a list of all the Google IP's. This tells receiving mail server that only email from your webserver or google mail are validated.
Another variation we use at Bottomupwebs, which includes all MX and A IP's for that domain is
More on SPF here...
Some email platforms, like Google Apps, enables you to add a digital "signature" to the header of mail messages sent from your domain. Recipients can check the domain signature to verify that the message really comes from your domain and that it has not been changed along the way.
First you will need to generate the domain key and put it in your email header. Then you will need to create a DNS TXT record with that key.
More on Domain Keys here...