
I'm hoping the community can help me shed some light on a recent email spoof. Yesterday my client woke up to find hundreds of bounced failure notices.

The client did not personally send any of these emails. Each failure notice had a different reply-to address i.e.

  • xyxyxs@client-domain.co.uk
  • trg@client-domain.co.uk
  • hjd@client-domain.co.uk

The various reply-to addresses suggest that only the client's domain had been spoofed and not a specific email account (i.e. actual-email@client-domain.co.uk).

I know if your email account has been spoofed, it's game over and you need to create a new email address. However, a specific address hasn't been targeted. Am I correct in thinking that I do not need to delete and create a new email address? I also assume the domain would have been widely blacklisted? Should I move hosting companies and would this make a difference?

Either way, I'll be implementing DKIM.

Sorry for so many questions, I'm just a little lost as the spoofer didn't target a specific email address.

Thanks

Sam
  • Use SPF also, not just DKIM. My guess is that at the moment SPF is more widely checked than DKIM. – pQd Sep 12 '13 at 10:46

1 Answer

If I understand correctly, a spammer sent email with a forged From header.

Unfortunately, this is easy to do, but it has no consequence other than annoyance. You therefore have nothing to do except secure your server with SPF and DKIM.

You speak about changing the hosting company. There is no need at all, not even for changing the mail address, at least if I understand what happened to you.

Lorenz Meyer
  • Thank you Lorenz. I'm just glad that a specific address wasn't used. I'll now be implementing SPF and DKIM. Have a great day :) – Sam Sep 12 '13 at 11:25