Dealing With Spam

Over the past few months I suddenly started receiving inordinate amounts of spam email. I also began receiving troubling emails from people who indicated that someone at my site was sending out malicious or spam emails to them. I thought I would share with you how I alleviated the problem.

  • First, I called my hosting company and discussed the way my email was set up. I changed my email address from an alias to a user.
  • I then made sure that my email address did not appear anywhere “clickable” on my website, instead relying on a contact form to communicate with visitors.
  • I was receiving a lot of returned mail in my in basket that I did not initiate. This email did not originate from my server, but appeared to have been “spoofed.”

    Email spoofing refers to the process of sending an email message from one source but making it appear as though the email was sent from a different source. For example, an email originates from user@domain.com but it appears to be from email@address.com. Another method of spoofing is to make the message appear to come from an unknown user within your domain name. For example, the message appears to be from support@yourdomain.com.

    This does not mean that your email account was compromised. It means that the sender has fooled the mail client into believing the email originated from a different address.

    This is usually done for malicious reasons, either to distribute unsolicited email or to distribute email viruses. Unfortunately, there is no real way to prevent spoofing from occurring. If you receive an email that has questionable content, it is recommended that you delete the email message or use an antivirus program to scan the message before opening it.

    One thing you can do is create an SPF (Sender Policy Framework) record for your site, which you can do at openspf.org by following the simple instructions. This will cut down on a lot of email spoofing. Once you have your SPF record, email it to your hosting company so they can add it to your DNS zone for you. With the exception of SPF, there is really not much that can be done to prevent email spoofing.