
» Surpass Web Hosting Forums » Discussions » Email » Someone has been forging my e-mail!

Old October 8th, 2007, 1:37 PM   #1 (permalink)
Registered User
Fresh Surpasser
 
Joined in Sep 2005
25 posts
Gave thanks: 1
Thanked 0 times
Someone has been forging my e-mail!

Today I woke up to find out that hundreds of spam e-mails have been sent from my domain name! Even though I have never sent a single e-mail! Clearly my e-mail is being forged. What can I do?
k10magic is offline  
Old October 8th, 2007, 1:50 PM   #2 (permalink)
Registered User
Comfy Contributor
 
nathon's Avatar
 
Joined in Sep 2007
Lives in ~root
111 posts
Gave thanks: 1
Thanked 12 times
Have support create an SPF record for you.

http://openspf.org
http://en.wikipedia.org/wiki/E-mail_spoofing
__________________
I'm proud to say I never have and never will use vista
nathon is offline  
Old October 8th, 2007, 3:27 PM   #3 (permalink)
Web Hosting Super Ninj4
Super #1
 
miakeru's Avatar
 
Joined in Sep 2003
Lives in Fullerton, CA
1,581 posts
Gave thanks: 0
Thanked 2 times
Unfortunately there's not a whole lot you can do. I'd highly recommend removing your email addresses from your websites (if they're present) or enabling a WHOIS privacy service on your domain registration to hide your email address, if possible. These two ways are where spammers get to harvest the most email addresses to send spam to and make it look like spam is coming from.

SPF records are a good option in theory, but not in practice. They're literally useless. Both mail servers involved in the transaction of email must be using SPF and have it enabled/configured correctly. It's a very good chance that the mail servers spammers are using (usually just compromised (with viruses) PCs) or mail servers they've set up specifically for spamming. Wouldn't make sense for them to set up SPF on either of those! Without SPF being enabled both on the sending and receiving machines, it's rendered completely useless for that mail transaction.

I honestly wouldn't waste your time writing out a ticket. You won't see it reduce the spam you receive at all nor will it stop any spammer that's not using a legitimate email service (like Gmail) from sending spam "from" your domain. Just take my two suggestions above and once your address/domain falls off the spammers lists you shouldn't see any more forged emails coming to you. They cycle through lists every so often as their robots harvest more addresses and domains to "use".

I hope that helps/enlightens!
miakeru is offline  
Old October 8th, 2007, 6:56 PM   #4 (permalink)
Registered User
Seasoned Poster
 
GotRank?'s Avatar
 
Joined in May 2006
59 posts
Gave thanks: 6
Thanked 0 times
I have the same problem. It's not spam coming to me, it's spam coming "from" my domains. I get about 150 spam emails a day, but Mail from Apple filters most (98%) of it out. Is there a way to turn authentication on or turn off the outgoing mail server? I have to use my ISP for outgoing mail.
GotRank? is offline  
Old October 8th, 2007, 10:26 PM   #5 (permalink)
Web Hosting Super Ninj4
Super #1
 
miakeru's Avatar
 
Joined in Sep 2003
Lives in Fullerton, CA
1,581 posts
Gave thanks: 0
Thanked 2 times
Quote:
Originally Posted by GotRank? View Post
I have the same problem. It's not spam coming to me, it's spam coming "from" my domains. I get about 150 spam emails a day, but Mail from Apple filters most (98%) of it out. Is there a way to turn authentication on or turn off the outgoing mail server? I have to use my ISP for outgoing mail.
Just give my post a read above and you should understand how/why this is being done a bit better. Surpass should already have outgoing authentication required on their mail servers, but your ISP usually does authentication via IP instead of requiring a username and password.
miakeru is offline  
Old October 10th, 2007, 8:14 AM   #6 (permalink)
Dan
Staff of Surpass
Super #1
 
Dan's Avatar
 
Joined in Apr 2007
2,747 posts
Gave thanks: 154
Thanked 187 times
Quote:
Originally Posted by GotRank? View Post
I have the same problem. It's not spam coming to me, it's spam coming "from" my domains. I get about 150 spam emails a day, but Mail from Apple filters most (98%) of it out. Is there a way to turn authentication on or turn off the outgoing mail server? I have to use my ISP for outgoing mail.
Are you getting spam e-mails from random addresses on your domain? Like Sharon@yourdomain.com and random names like that?

If this is the case, you have the default e-mail address set to your address and need to change it to :fail: in cPanel. That should stop those kinds of e-mail from reaching you 100%.
__________________
D4nz Net - Surpass Help Desk - NES Forever
Use the thanks button. It works!
AIM: dansorl
Dan is online now  
Old October 10th, 2007, 9:49 AM   #7 (permalink)
Registered User
Comfy Contributor
 
nathon's Avatar
 
Joined in Sep 2007
Lives in ~root
111 posts
Gave thanks: 1
Thanked 12 times
Quote:
Originally Posted by miakeru View Post
Unfortunately there's not a whole lot you can do. I'd highly recommend removing your email addresses from your websites (if they're present) or enabling a WHOIS privacy service on your domain registration to hide your email address, if possible. These two ways are where spammers get to harvest the most email addresses to send spam to and make it look like spam is coming from.

SPF records are a good option in theory, but not in practice. They're literally useless. Both mail servers involved in the transaction of email must be using SPF and have it enabled/configured correctly. It's a very good chance that the mail servers spammers are using (usually just compromised (with viruses) PCs) or mail servers they've set up specifically for spamming. Wouldn't make sense for them to set up SPF on either of those! Without SPF being enabled both on the sending and receiving machines, it's rendered completely useless for that mail transaction.

I honestly wouldn't waste your time writing out a ticket. You won't see it reduce the spam you receive at all nor will it stop any spammer that's not using a legitimate email service (like Gmail) from sending spam "from" your domain. Just take my two suggestions above and once your address/domain falls off the spammers lists you shouldn't see any more forged emails coming to you. They cycle through lists every so often as their robots harvest more addresses and domains to "use".

I hope that helps/enlightens!

I'm not sure you fully know what you are talking about.
1- It doesn't matter if the email address is on the website or on the whois; k10magic isn't referring to spam being sent to her domain but bounce backs of spoofed emails. These can be randomly generated for any domain.

2- An SPF record does work a good amount of the time and saying not to create it at all makes no sense. I agree with Dan in saying to set catch-all to fail because you will not receive the bounce backs.

In theory anyone can spoof an email address by setting up your email client to use these email settings except for a different outgoing server.

Yes, spammers will never be stopped, but saying to change your whois does nothing; telling them to create an SPF record, which is designed to prevent this, may actually make a difference.

Oh and most servers do comply with SPF records. Spammers within the past 5 years have switched to rooted servers to send spam usually. This was done because them purchasing servers was leaving a paper trail and they are easy to shut down.
__________________
I'm proud to say I never have and never will use vista
nathon is offline  
Old October 10th, 2007, 11:01 AM   #8 (permalink)
I love Spicy!
Excelling Contributor
 
Alex's Avatar
 
Joined in Jun 2007
Lives in O-t0wn, Flowda
703 posts
Gave thanks: 27
Thanked 44 times
Malicious users that send spam will simply forge (spoof) your email address so that when they send spam, and it is picked up by a server as spam and bounces back, instead of them getting it back it is delivered to the spoofed address.

If your default address is set to your username or a valid email address on your account, you will receive these messages as the default address serves purpose to receive all 'unrouteable emails'. By setting your default address to :fail: No Such User Here, your account will not accept unrouted emails and will only permit emails to VALID accounts in your cPanel.
__________________
Sauce 'em up Surpass Style!


<=== Meet Bonzai, my fish.
Alex is offline  
Old October 10th, 2007, 1:15 PM   #9 (permalink)
Web Hosting Super Ninj4
Super #1
 
miakeru's Avatar
 
Joined in Sep 2003
Lives in Fullerton, CA
1,581 posts
Gave thanks: 0
Thanked 2 times
Quote:
Originally Posted by nathon View Post
1- It doesn't matter if the email address is on the website or on the whois; k10magic isn't referring to spam being sent to her domain but bounce backs of spoofed emails. These can be randomly generated for any domain.
You have misunderstood. I was using this as an example of a way that spammers harvest email addresses. These harvested email addresses are used to spoof outgoing email as well as to build a list to send spam to.

Quote:
Originally Posted by nathon View Post
2- An SPF record does work a good amount of the time and saying not to create it at all makes no sense. I agree with Dan in saying to set catch-all to fail because you will not receive the bounce backs.
I'd like to see a case where an SPF record on a personally-hosted domain (with a company like Surpass, etc...) has actually benefited someone by stopping people from spoofing email from their domain.

Believe me, I've got professional experience with dealing with issues like this and I've *never* seen SPF correct this issue when it's been used. Prove me wrong, please, because I'd really like to love SPF. It's a great idea.

Quote:
Originally Posted by nathon View Post
Yes, spammers will never be stopped, but saying to change your whois does nothing; telling them to create an SPF record, which is designed to prevent this, may actually make a difference.
It does plenty to remove one more common way that spammers use to harvest email addresses to be used for spoofs. If your email address isn't present in your whois record, you won't receive bounces from people using your domain to spam... this is because your domain would not be present.

Using a throwaway email address or a whois privacy service helps with this. I'm sorry that you're not able to understand that.

Quote:
Originally Posted by nathon View Post
Oh and most servers do comply with SPF records. Spammers within the past 5 years have switched to rooted servers to send spam usually. This was done because them purchasing servers was leaving a paper trail and they are easy to shut down.
Most servers may "comply" with them (as in be capable of supporting SPF) but hardly "most" actually use it. If you have data that shows otherwise, I'd be happy to see it!
miakeru is offline  