Is having my email address spoofed a problem?

Topic

New Reply

Hi Fellow Loungers,

I have my own domain, website and three active email addresses.

Just recently I have been receiving multiple emails to one of these addresses, from postmaster@ or mailer-daemon@ advising of undeliverable emails. Looking at the emails, they are always spam, and my email address has been spoofed as the ‘return’ address.

I am not involved in sending any of these emails and even after changing my web server domain password and the particular email password, these ‘bounces’ keep occuring.

While many of the original emails are in English, others are in Dutch, Spanish, German, Italian, Portuguese and even Chinese.

I am concerned that my email address may be ‘black-listed’. Is there anything I can, or should do?

Dennis in Melbourne
Ban shreded cheese so America can be grate again!

Reply | Quote

Replies

When changing the password doesn’t work then it will be best if you contact the email provider.

These are the links for Gmail and Outlook –

https://support.google.com/mail/answer/50270?hl=en

https://support.office.com/en-gb/article/Get-help-with-Outlook-com-40676AD0-C831-45AC-A023-5BE633BE798D?ui=en-US&rs=en-GB&ad=GB

Reply | Quote

When changing the password doesn’t work then it will be best if you contact the email provider.

These are the links for Gmail and Outlook –

https://support.google.com/mail/answer/50270?hl=en

https://support.office.com/en-gb/article/Get-help-with-Outlook-com-40676AD0-C831-45AC-A023-5BE633BE798D?ui=en-US&rs=en-GB&ad=GB

My host, (and email provider), is Just Host, my domain is irishtype3dna.org and I use Mozilla Thunderbird as my email client. I have contacted Just Host and they merely suggested changing passwords, which, I have found, made no difference … I am still receiving bounced messages.

Am I correct, that if someone wants to spoof the sending address, they can enter anything they like … they don’t have to have access to that account, do they? They are just entering a legitimate address, mine.

Reply | Quote

Am I correct, that if someone wants to spoof the sending address, they can enter anything they like … they don’t have to have access to that account, do they? They are just entering a legitimate address, mine.

Yes that’s quite right they can spoof any sender name

I have my own domain which I’ve had for around 10 years and it happens from time to time. If you forward to yourself all the incoming messages which don’t have a valid mailbox you can see it in action.

For example, if my email mailbox is “”abc@example” you see return messages for “xyz@example.com”” “wroryt@example.com” and so on.

Changing your password is a good precaution in case you’ve been hacked but wont stop someone spoofing your email.

Unfortunately it’s just something you have to put up with as even if you change domain it’s likely to happen again.

Reply | Quote

Thank you Slorm. Excellent explanation.

Reply | Quote

…I use Mozilla Thunderbird as my email client…

You might be able to get something useful by looking at the headers of the spoofed messages.

In Thunderbird right-click on one of them then point at “Copy to Clipboard” then left-click “Headers”; then open Notepad and paste the clipboard content into Notepad.

46013-TbirdCopyHeader

Reply | Quote

Contact the ISP/email provider quickly, your email address certainly can be banned by several ISPs. Being spoofed was not your fault, however, if not acted upon i.e. reporting such to your ISP/email service, such certainly can become your problem, big time. Thankfully, most spoofs die off over time.

"Take care of thy backups and thy restores shall take care of thee." Ben Franklin, revisted

Reply | Quote

Contact the ISP/email provider quickly, your email address certainly can be banned by several ISPs. Being spoofed was not your fault, however, if not acted upon i.e. reporting such to your ISP/email service, such certainly can become your problem, big time. Thankfully, most spoofs die off over time.

Thank you, at your suggestion I have sent a message to my ISP (Spintel in Melbourne), who will call me in the morning to discuss.

Reply | Quote

Yes. I agree with Slorm (although lots of folks wish that there might be was something meaningful we could do about such behavior). Personally, I hate spammers and spoofing (and I think “fake news” and mindless forwarding of email is also contemptible).

Image or Clone often! Backup, backup, backup, backup......
- - - - -
Home Built: Windows 10 Home 64-bit, AMD Athlon II X3 435 CPU, 16GB RAM, ASUSTeK M4A89GTD-PRO/USB3 (AM3) motherboard, 512GB SanDisk SSD, 3 TB WD HDD, 1024MB ATI AMD RADEON HD 6450 video, ASUS VE278 (1920x1080) display, ATAPI iHAS224 Optical Drive, integrated Realtek HD Audio

Reply | Quote

Generally IP addresses are black listed, not email addresses. The email address is just text inside the email and can be set to anything, whereas the IP address is tied to the ISP and machine.

cheers, Paul

Reply | Quote

Dennis,
I had an occasion like yours a while back. I also use my own domain name. For your domain registry you may want to use a different email address, since this registry is public information. Your domain host may provide (for a fee) an option to hide your registry information. I’ve not had any spoofing recurrence since hiding my registry info.

I still don’t know what the spoofer may have been trying to accomplish. Like you, I changed my password and contacted my email provider. You’re right to closely guard access to your email accounts.

We all should remember that domain registry data is public. Be careful what you put there.
-kc

Reply | Quote

A couple of days ago, I had a legitimate email bounced by btinternet.com. They said in part:-

“Too many messages from un-validated IP address xxx.xxx.xxx.xxx Please add a SPF record to your DNS or ask your Broadband Provider/Domain Registrar to do this.”

I could make no sense of this instruction, however when I went to Just Host help pages I found this:- https://my.justhost.com/hosting/help/spf

Following these instructions I was able to add the required SPF record, and btinternet.com has accepted my emails again.

I hope this helps others.

Reply | Quote

I went to that justhost URL, it is so far above my pay-grade, can somebody tell me in middle school English what and how that good advice is done by an end-user.

"Take care of thy backups and thy restores shall take care of thee." Ben Franklin, revisted

Reply | Quote

Roland, the SPF record is one method to validate that your mail is not from a spam bot.

Example (made up values)
My email domain is mymail.com.
My mail server has the internet IP address or 215.145.31.168.
I create an SPF entry in my public DNS record because I own / control my DNS record.

When I send an email the receiver checks the public DNS and sees that the IP address sending the email is allowed to send email from my domain. All is now well.
If another IP address attempts to send mail from my domain, the receiver will now bounce the message and there is now less spam in the world. All is now even better.

cheers, Paul

Reply | Quote

I don’t own my email domain — can I SPF my email process? One thing, I turn off my DSL modem/router at night, that will affect the SPF, correct?

"Take care of thy backups and thy restores shall take care of thee." Ben Franklin, revisted

Reply | Quote

If you don’t own an email domain you don’t need an SPF record. You can’t create one either.
SPF records exist on public DNS servers, not on your machine. Turning off your router won’t have any effect.

cheers, Paul

Reply | Quote

Do (or should) email providers generally create SPF records for their domains?

Reply | Quote

They do.
Look up your email provider’s DNS records using nwtools.com

cheers, Paul

MS DNS Record

Code:

microsoft.com	IN	TXT	v=spf1 include:_spf-a.microsoft.com include:_spf-b.microsoft.com include:_spf-c.microsoft.com include:_spf-ssg-a.microsoft.com include:spf-a.hotmail.com ip4:147.243.128.24 ip4:147.243.128.26 ip4:147.243.1.153 ip4:147.243.1.47 ip4:147.243.1.48 -all

Reply | Quote

For what it is worth, I have had no further spoofing of my email address since adding the SPF record to my domain. Two weeks now.
v=spf1 a mx ptr include:justhost.com -all see:- https://my.justhost.com/hosting/help/spf for details.
Just hoping that was the final solution.

Reply | Quote

Which suggests most email servers test SPF and are now ignoring the spam.

cheers, Paul

Reply | Quote