
Someone is using my domain name to send spams, how did that happen?


AlexN
10-16-2006, 11:13 PM
Hi,

So I received a junk mail with an address that is from my domain name! How did that happen? ie, I received a junk mail from r@<my domain name>.com

I logged on to my email admin panel, there is no extra account opened, so what is going on? I registered my domain name on 1&1, this happened before, so I contacted them, and they asked me to report something like domain name abuse, or something like that. What's that?


Does anyone have any idea what's going on? How did that happen?



Thanks.

Matthew
10-16-2006, 11:30 PM
Happens all the time here--anyone can send an email that claims to be from your domain. You just set the "from" field to blah@yourdomain.com and that's it. There isn't any verification of sender built into SMTP at the protocol level.

I wouldn't worry about it. The vast majority of mail servers will reject mail from an IP that doesn't match the IP of the MX record for the domain. You should inspect the headers every now and then of any spam or bounce you get just to make sure your mail server isn't misconfigured and allowing relay, but I doubt it is.

AlexN
10-16-2006, 11:56 PM
Happens all the time here--anyone can send an email that claims to be from your domain. You just set the "from" field to blah@yourdomain.com and that's it. There isn't any verification of sender built into SMTP at the protocol level.



Really? How? It's not the sender's name, I mean the sender's address.

jankoM
10-16-2006, 11:58 PM
anyone can send an email that claims to be from your domain.

Yes, that's one of many "nicest" features of email. :)

Matthew
10-17-2006, 05:15 AM
Really? How? It's not the sender's name, I mean the sender's address.

The sender's address is just another field exactly the same as name, as far as email is concerned. It's set by the mail client, not the server. Mail servers are very trusting. Here's a manual example (stuff in bold is me typing):


[~]$ telnet smtp.west.cox.net 25
Trying 68.6.19.4...
Connected to smtp.west.cox.net (68.6.19.4).
Escape character is '^]'.
220 fed1rmimpo01.cox.net bizsmtp ESMTP server ready
HELO yourdomain.com
250 fed1rmimpo01.cox.net hello [70.162.69.xxx], pleased to meet you
MAIL FROM: Test <you@yourdomain.com>
250 <you@yourdomain.com> sender ok
RCPT TO: <xxx@gmail.com>
250 <xxx@gmail.com> recipient ok
DATA
354 enter mail, end with "." on a line by itself
FROM: Test <you@yourdomain.com>
TO: <xxx@Gmail.com>

Hello there
.
250 bQ1h1V0034KFbC60000000 mail accepted for delivery


That shows up in my Gmail fine; it wasn't even flagged as spam (and didn't even set the subject).
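The headers of a message like the one above tell the receiving side more than the From: line does. As an added example that is not part of the thread, this Python script parses a constructed copy of such a message (the recipient MX, the message id and the sending client's IP are made up, using RFC 5737 documentation addresses) and pulls the originating host out of the Received: trail, which is written by the servers that handled the message rather than by whoever typed the HELO, MAIL FROM and From: lines. The authorized-IP set passed to analyze() is an assumed allow-list for yourdomain.com, not anything from the page.

```python
import email
import email.utils
import re
from email import policy

# Constructed sample of how a recipient's mailbox might store a message sent
# the way the telnet session above shows. The two Received: lines were added
# by the servers that handled the message (newest on top); the sender only
# controlled the HELO name and the From:/To: lines. The recipient MX, the
# Postfix id and the client IP 203.0.113.7 are invented.
SAMPLE_RAW = """\
Received: from fed1rmimpo01.cox.net (fed1rmimpo01.cox.net [68.6.19.4])
\tby mx.example.net (Postfix) with ESMTP id 4A7B2C1F9;
\tTue, 17 Oct 2006 05:15:02 -0700
Received: from yourdomain.com ([203.0.113.7])
\tby fed1rmimpo01.cox.net bizsmtp with SMTP id bQ1h1V0034KFbC60000000;
\tTue, 17 Oct 2006 05:14:59 -0700
From: Test <you@yourdomain.com>
To: <xxx@gmail.com>

Hello there
"""

# "from <helo-name> (<reverse-dns> [<ip>])" as most MTAs write it; the
# reverse-DNS part is optional because some servers omit it.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[0-9.]+)\]\)",
    re.IGNORECASE,
)


def received_hops(raw):
    """Return (helo_name, reverse_dns, ip) for each Received: header,
    earliest hop first. Headers the regex cannot parse are skipped."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        # Collapse folded continuation lines before matching.
        m = RECEIVED_RE.search(re.sub(r"\s+", " ", str(value)))
        if m:
            hops.append((m["helo"].lower(), m["rdns"], m["ip"]))
    return hops


def header_from_domain(raw):
    """Domain part of the From: header, i.e. the value the sender chose."""
    msg = email.message_from_string(raw, policy=policy.default)
    _name, addr = email.utils.parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()


def analyze(raw, authorized_ips):
    """Compare the From: domain with the host that first injected the message.

    authorized_ips is an assumed allow-list of IPs entitled to send for the
    From: domain (in practice this would come from the domain's SPF record)."""
    domain = header_from_domain(raw)
    hops = received_hops(raw)
    if not hops:
        return {"from_domain": domain, "origin": None,
                "origin_authorized": False, "helo_claims_from_domain": False}
    helo, _rdns, ip = hops[0]
    return {
        "from_domain": domain,
        "origin": hops[0],
        # The IP in the earliest Received: line is what the accepting server
        # saw on the TCP connection; the client cannot choose it.
        "origin_authorized": ip in authorized_ips,
        # A client can type any HELO name, so agreement here proves nothing.
        "helo_claims_from_domain": helo == domain,
    }


if __name__ == "__main__":
    print(analyze(SAMPLE_RAW, {"198.51.100.25"}))
```

For the sample message the From: domain and the HELO name both say yourdomain.com, but the first hop came from 203.0.113.7 via a Cox relay, so the origin is not in the allow-list and the message is flagged; the same trail is what a bounce would carry back to the domain owner, which is the header inspection Matthew recommends.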

James C. Smith
10-17-2006, 09:27 PM
It's exactly the same as sending snail mail. You can write any return address you want on the envelope but it doesn't mean that is where it really came from.

When I send e-mail from james@game-sales-charts.com I don't log into my web hosting account to send it. My mail client isn't connecting to the game-sales-charts.com server to send the mail. I send the mail out using my ISP (the company who provides my DSL, not the company who provides my web hosting). But I am able to set the from address to james@game-sales-charts.com even though the game-sales-charts.com server didn't send the mail. This is how legitimate e-mail often works. A person like me, who owns a domain name, sends e-mail claiming to be from that domain name, but does not actually use any computer or account connected to that domain name to send the mail. The from address is simply a text field, not a verified account name. I could just as easily make my mail say it came from you@yourdomain.com or billgates@microsoft.com.

Pogacha
10-18-2006, 04:11 AM
You have to check if they are not using your online forms to send the spam.

jankoM
10-18-2006, 04:21 AM
I was explaining this just a few weeks back to one client of mine. To get the point across to her I made a simple script that when she visits it would send her email from george.bush@whitehouse.gov saying howdy and info@google.com saying that she must send them her CC information.

She didn't understand the joke at first, so when she received two emails she wrote me an angry letter that these spammers are getting her totally mad and that she is reporting these strange emails she got from george bush and google to the *internet crime complaint center*. I was able to stop her before she sent complaints...

Tom Cain
10-18-2006, 08:45 PM
An easy way to test it is to open your account settings in Outlook Express (or whatever email program) and change the field Email Address to anything. It will send email right out using that address.

You can use SPF in your domain record to help with this. It provides a list of domains/servers you have authorized to send email using your domain name. The receiving server knows the sending server's address and blocks it if it isn't on the authorized list. SPF isn't a standard so most servers don't check, but most of the larger ISPs/email providers have adopted it, including AOL and Hotmail. Note that it's tricky to get it right and you can end up having legitimate emails blocked if you do it wrong.

http://www.openspf.org/
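As an added example (not code from the thread or from openspf.org), the following Python script implements the receiving-server side of the check Tom describes: given the IP that connected and the envelope MAIL FROM address, it fetches the domain's SPF record and walks its mechanisms in order until one matches. It runs against a constructed in-memory zone table instead of real DNS, handles only the ip4, a, mx, include and all mechanisms, and every name and address in the table is invented.

```python
import ipaddress

# Constructed zone data standing in for real DNS (all names and IPs invented).
# yourdomain.com authorizes its own A and MX hosts plus its hosting provider's
# outbound range, and hard-fails everything else with -all.
DNS = {
    "yourdomain.com": {
        "TXT": ["v=spf1 a mx include:_spf.hostingprovider.example -all"],
        "A": ["198.51.100.10"],
        "MX": ["mail.yourdomain.com"],
    },
    "mail.yourdomain.com": {"A": ["198.51.100.25"]},
    "_spf.hostingprovider.example": {"TXT": ["v=spf1 ip4:192.0.2.0/24 ~all"]},
    "nospf.example": {"A": ["198.51.100.99"]},  # publishes no SPF record
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_INCLUDE_DEPTH = 10  # SPF limits the number of DNS-causing mechanisms


def lookup(name, rtype):
    return DNS.get(name.lower(), {}).get(rtype, [])


def spf_record(domain):
    """The single v=spf1 TXT record for a domain, or None if absent/ambiguous."""
    recs = [t for t in lookup(domain, "TXT") if t.split()[:1] == ["v=spf1"]]
    return recs[0] if len(recs) == 1 else None


def a_ips(name):
    return {ipaddress.ip_address(ip) for ip in lookup(name, "A")}


def mx_ips(name):
    ips = set()
    for host in lookup(name, "MX"):
        ips |= a_ips(host)
    return ips


def check_host(client_ip, domain, depth=0):
    """Evaluate SPF for a connection from client_ip whose MAIL FROM is in domain.
    Returns one of: pass, fail, softfail, neutral, none, permerror."""
    if depth > MAX_INCLUDE_DEPTH:
        return "permerror"
    record = spf_record(domain)
    if record is None:
        return "none"  # domain has not published a policy; nothing to enforce
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # a mechanism without a prefix means "pass on match"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = ip in a_ips(arg or domain)
        elif mech == "mx":
            matched = ip in mx_ips(arg or domain)
        elif mech == "include":
            # include: matches only if the referenced policy yields "pass".
            matched = check_host(client_ip, arg, depth + 1) == "pass"
        else:
            return "permerror"  # ip6, ptr, exists, redirect= not implemented here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term


def check_session(client_ip, mail_from):
    """What a receiving MTA feeds into SPF: the connecting IP and the domain of
    the envelope MAIL FROM address, not the From: header inside the message."""
    domain = mail_from.strip("<>").rpartition("@")[2]
    return check_host(client_ip, domain)


if __name__ == "__main__":
    for ip in ("198.51.100.10", "192.0.2.77", "68.6.19.4"):
        print(ip, check_session(ip, "<you@yourdomain.com>"))
```

The last case shows Tom's caveat in action: with a -all record, mail that a domain owner sends through their ISP's relay (the way James describes) fails unless that relay's addresses are included in the record, so the ISP's outbound range or a softer ~all has to be listed before the policy is safe to publish.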