How to Limit the Damage of Domain Spoofing

Brent Arias asked:

My e-mail account, for my privately run business which I’ll call “VeryCoolCompany”, is starting to receive bounce-backs for users who don’t exist, like these:

alan12ab1@verycoolcompany.com
dietskra44-hey@verycoolcompany.com

In short, somebody is sending e-mails which pretend to be from my company.

No, they are not using my servers to do this. To be precise, my business e-mail is actually a Gmail account in disguise; it is rigged up to my company domain name.

Nevertheless, if there is something I can or should do about this – I’d like to know. For example, does it make sense to contact Google? If so, then how? Or do I need to just suck it up and ignore the potential fallout from this?

My answer:


Congratulations, you’ve just received your first backscatter spam.

Unfortunately, the root cause of backscatter spam is badly configured mail servers which accept a message before determining that it’s undeliverable and then attempt to return it to the “From:” address, which is obviously fake.

If there aren’t a lot of them, you can forward them to postmaster @ the domain of the mail server from which you received the message, to report the problem. This relies on the hope that someone at the other side has a clue. (I actually did this today for two backscatter messages. For one, the mail to postmaster bounced, and I reported that to rfc-ignorant.org. That was somebody’s Exchange server in Kenya…no surprise there.)

One thing you can definitely do is to stop using a catch-all email address, and only set up the specific addresses you need.


View the full question and answer on Server Fault.
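
As an illustration of the two suggestions in the answer (reporting to the postmaster of the bouncing server, and knowing which addresses really exist), here is an added Python example that is not part of the original question or answer. It parses a bounce, decides whether it was returned to an address that was never created, and names the postmaster to report it to. The sample message, the host `mx.example.net` and the mailbox `info@verycoolcompany.com` are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
DOMAIN = "verycoolcompany.com"                 # domain name used on the page
REAL_ADDRESSES = {"info@verycoolcompany.com"}  # assumption: the only real mailbox

# Constructed sample bounce (not a real message); mx.example.net is a placeholder.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: alan12ab1@verycoolcompany.com
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to the following recipient failed.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.org
Status: 5.1.1

--b1--
"""

def triage_bounce(raw):
    """Classify one bounce and name the postmaster to report it to."""
    msg = message_from_string(raw)
    bounced_to = parseaddr(msg.get("To", ""))[1].lower()
    is_dsn = (msg.get_content_type() == "multipart/report"
              and msg.get_param("report-type") == "delivery-status")
    reporting_mta = None
    for part in msg.walk():
        if part.get_content_type() == "message/delivery-status" and part.is_multipart():
            # The parser exposes each block of status fields as its own Message.
            for block in part.get_payload():
                if block.get("Reporting-MTA"):
                    reporting_mta = block["Reporting-MTA"].split(";", 1)[-1].strip().lower()
    if reporting_mta is None:  # fall back to the host in the bounce's From: header
        reporting_mta = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return {
        "is_dsn": is_dsn,
        "bounced_to": bounced_to,
        # An address that was never created cannot have sent the original mail.
        "forged_sender": bounced_to.endswith("@" + DOMAIN) and bounced_to not in REAL_ADDRESSES,
        "report_to": "postmaster@" + reporting_mta if reporting_mta else None,
    }
```

With a catch-all in place every such bounce lands in the inbox; once only the addresses in `REAL_ADDRESSES` exist, the ones flagged `forged_sender` are rejected before they arrive.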

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.