Lounge Network - Knowledge Base

  View Printer Friendly Version Search
HELP: Why do I keep receiving email bounces for email I didn’t send?
This occurs when a spammer sends email and sets the ’from’ address to your own email address. This is often referred to as 'spoofing'. This can occur due to internet’ s universal email system, which allows the sender to set their email address to anything they like. Banks are often a target of this, and spammers will send out phishing emails using fake bank email addresses. Often they will use an automated 'dictionary' which will fill in common email names before domain extension. The reason spammers use the email address of your domain name, is that a lot of mail servers check that the ’from’ address, to check that it is a valid domain before accepting the email. The spammers harvest your email and domain name from your website, as they have special software that crawls the internet searching for valid domain names and email addresses to use. This is why it is very important that if you display your email address on your website, that you use some form of email encryption script. You will be able to find such scripts by conducting a google search.

The best way to combat Spoofed emails using your domain name, is to setup or enable 'Sender Policy Framework' (SPF) on your domain. You can do this inside the CPanel control panel by logging into your main CPanel page, go to the 'Email' section, and click the 'Email Authentication' icon. Then under the SPF section, click the 'enable' button. Clients on our Corporate or Business grade hosting plans can setup SPF records by following the SPF setup instructions here.

There are also some virus’s and malware that unsuspecting computer users have been infected with on their personal computers that also do the same thing, and that crawl the users personal computer for valid email addresses and then automatically send these email addresses back to the spammer.Often the spammers spamming software will also create a random string of characters that it places at the beginning of your domain name, to create the ’from’ address. e.g. iuysdfgiy3576@yourdomainname.co.nz . The reason that you would receive the bounced emails, is because you have a ’catchall’ address setup. The ’catchall’ email address captures all email sent to your domain no matter what is put at the beginning of the @. The only way to prevent receiving these is to remove the ’catchall’ and setup only the specific email addresses that you use for your email.

Please note that if your email address is spoofed, and the email is reported as spam by a recipient, that your domain shouldn't get blacklisted in the RBL (realtime blacklist database). The best blacklisting databases will usually only blacklist the originating IP number of the senders server, and not the domain name contained in the email address.

Another thing we need to highlight, is if you have a website that uses formmail or any other automated scripts, you are required to keep your scripts up to date with the latest and most secure versions of the script. Spammers can hack unsecured scripts and use them to send spam through the server.
Therefore always make sure that your website is use the most secure version of any website scripts.


Knowledgebase Manager

© Copyright Lounge Network 2001-2020