How Is It Possible To Send Email Under Our Domain Name

18

7

Spammers or someone is sending emails using our domain.

  • The emails are from a user we didn't create called regeniaberry67a@ourdomain.com.au.
  • The email is to regeniaberry@ubtanet.com.
  • The content of the email talks about a stock that is 6 cents but will go to 15 cents and that someone should buy it. It contains a link to Yahoo's finance website but I won't click it so I'm not sure if it's legitimate. We know of the emails because we get bouncebacks (the recipient mustn't exist).

What could allow someone/a bot to send an email under our domain name? Is there anything we can do to stop this? Is this Dictionary Spamming?

sazr

Posted 2014-10-20T23:27:56.427

Reputation: 309

What could allow someone/a bot to send an email under our domain name? - Google SPF, then set it up. That is about all you can realistically do. – Zoredache – 2014-10-20T23:34:34.420

An e-mail can contain any Reply-to address you choose. Some e-mail servers will send undeliverable notifications back to the Reply-to address, rather than the originator. On-line mail handlers like Gmail require you to validate any Reply-to address you use when composing on-line, but there is no such restriction when using a remote client with POP3/IMAP. And if you run your own e-mail server you can probably also fake the From address. – AFH – 2014-10-21T00:09:08.287

How Spammers Spoof Your Email Address (and How to Protect Yourself) – DavidPostill – 2014-10-21T05:42:28.413

Answers

32

The SMTP protocol does not include any controls over the From: and To: fields in an email. They can be whatever you like, provided you have authority to send emails using the SMTP server.

So the short answer is nothing prevents anyone using your domain in emails they send. Even normal users can put whatever email address they like in their email settings.

Spammers routinely use valid domain names as From addresses to avoid being blocked.

While you cannot stop someone sending emails with your domain name, you can help email servers around the world understand if emails sent from your domain name actually originated from you and are legitimate emails, so that any others can be discarded as spam.

SPF

One way is to use SPF. This is a record that goes into DNS and lets the internet know what servers are permitted to send emails on behalf of your domain. It looks like this:

ourdomain.com.au.  IN TXT "v=spf1 mx ip4:123.123.123.123 -all"

This says that the only valid sources of email for ourdomain.com.au are the MX server - the server defined as the recipient of emails for the domain, and another server at 123.123.123.123. Email from any other server should be considered spam.

Most email servers will check for the presence of this DNS record and act accordingly.

DKIM

While SPF is easy to set up, DKIM takes a little more effort, and should be implemented by your email server administrator. If you send your email via an ISP email server, they will often have methods for quick setup of DKIM.

DKIM works similarly to SSL certificates. A public / private keypair is generated. The private key is known only to the email server, and it will sign any outgoing emails.

The public key is published using DNS. So any server receiving emails marked as coming from your domain can check that the email was signed by retrieving the public key and checking the signature in the emails. If no signature is present, or it is incorrect, the email can be considered spam.

Paul

Posted 2014-10-20T23:27:56.427

Reputation: 52 173

+1, How well adopted are these? – chbaker0 – 2014-10-21T06:49:44.453

The main players used them - gmail etc, plus the main control panels like cPanel. Most email servers have a way to support them, so coverage is usually absent through it not being implemented, rather than not being available. – Paul – 2014-10-21T08:12:16.877

I've implemented the SPF and DKIM just recently, and they both seem to work just fine. They're not magic, it's a bit like robots.txt, Google respects it, but doesn't have to. – Martijn – 2014-10-21T13:48:25.080

@Martijn The choice of respecting SPF or not is at the receiver's end. Nothing can be done if the receiver wants to receive spam ... (Then again, there are scenarios that make SPF implementation slightly nontrivial, such as internal redirects and backup mailservers: One has to make sure that only the first receiving MTA checks SPF) – Hagen von Eitzen – 2014-10-21T14:28:49.047

SPF seems to be pretty well adopted at this point (it's been around for a long time, adoption was a slow process). DKIM seems to be more hit or miss. – Brian Knoblauch – 2014-10-21T17:50:37.333
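
How a receiving server applies the SPF record shown in the answer above, as an added example that is not part of the original thread: a minimal evaluator run over constructed DNS data. The MX host name mail.ourdomain.com.au and its address 203.0.113.10 are assumptions, and only the mx, ip4 and all mechanisms from that record are handled.

```python
import ipaddress

# Constructed DNS data (no real lookups): the SPF record from the answer,
# plus an assumed MX host and address for ourdomain.com.au.
SPF_TXT = {"ourdomain.com.au": "v=spf1 mx ip4:123.123.123.123 -all"}
MX = {"ourdomain.com.au": ["mail.ourdomain.com.au"]}
A = {"mail.ourdomain.com.au": ["203.0.113.10"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def mx_addresses(domain):
    """Addresses of the domain's MX hosts, from the constructed tables."""
    return [ip for host in MX.get(domain, []) for ip in A.get(host, [])]


def check_spf(client_ip, mail_from_domain):
    """Evaluate the domain's SPF record for the connecting client IP.

    Covers only mx, ip4 and all; a full evaluator (RFC 7208) also
    handles a, include, ip6, redirect and DNS lookup limits.
    """
    terms = SPF_TXT.get(mail_from_domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"  # no policy published: the receiver learns nothing
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        # The qualifier prefix is optional; "+" (pass) is the default.
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = mech.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":
            matched = str(ip) in mx_addresses(arg or mail_from_domain)
        else:
            return "permerror"  # mechanism this sketch does not implement
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term


if __name__ == "__main__":
    for sender in ("123.123.123.123", "203.0.113.10", "198.51.100.7"):
        print(sender, check_spf(sender, "ourdomain.com.au"))
```

Receivers run this check against the domain in the SMTP envelope sender (MAIL FROM), which can differ from the From: header a reader sees.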