  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1953

How do I prevent spoofing of my domain name?

I'm getting quite a large amount of bounce-back emails from various webservers, because apparently some spammer got a hold of my domain name and is sending out spam spoofed as a fake account on my domain.

I can think of a few ways to prevent receiving these bounce-backs, but I was wondering if there is anything I could do that would absolutely prevent people from using my domain name as a fake email address. I'm not too happy about my name being put into probably thousands of spam messages.

I am also contacting my hosting provider as well, but I was wondering if there was anything that I could do myself, perhaps with a setting on the webserver itself? Something I should ask the webserver techs?

Thanks.
0
j_gordon
Asked:
4 Solutions
 
giltjr Commented:
Umm, generally e-mails are not bounced back based on domain name.  They are generally bounced back because of the IP address of the e-mail server.

Are you running your own SMTP server?  Do you have it properly secured?  Such as not allowing domain relaying?

Anybody can spoof the name of the domain on e-mail, this is why rejects are based on IP addresses and not domain name.
0
 
Kyanar Commented:
Hi there,

I highly suggest you go to some effort and set up either DKIM or SPF for your domain - you do this in DNS.  Refer to http://mipassoc.org/dkim/ and http://www.openspf.org/ for more details.  Be aware however that this will not necessarily stop all bounce emails, as any server which does not verify SPF/DKIM records will still happily accept all email claiming to be from your domain - and then scream at you when it can't deliver it.  It does, from my experience, stop a good few now with the major players in the SMTP server market now using these anti-spam systems.
0
 
r-k Commented:
In fact there isn't a whole lot you can do to prevent this. Until things like SPF become widely used, anyone can send email with any return address they choose, and quite a few mail servers will bounce it back to you. Good idea to make sure they are not originating from your server, just in case, as suggested by giltjr.
0
 
ahoffmann Commented:
simple question (see title), simple answer: you cannot. Dot. Period.
0
 
jhance Commented:
>>Umm, generally e-mail are not bounced back based on domain name.  They are generally bounced back because
>>the IP address of the e-mail server.


Ummm, that's totally incorrect.  Emails are bounced back to the RETURN address in the header of the email message.  Look at any message and you'll see something like this (sample of real SPAM):

Reply-To: "Wm Wills" <mahbuburkatj@grameenphone.com>
From: "Wm" <mahbuburkatj@grameenphone.com>
Message-ID: <0121416952.20060509104517@dyipetjianclew>
Date: Tue, 9 May 2006 10:45:17 -0500
To: <myaddress@domain.com>
Subject: mettle spurted on her bazoongie$
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Note the line:

Reply-To: "Wm Wills" <mahbuburkatj@grameenphone.com>

This is where bounces will be sent to, although some servers will send to the "From" address instead.  The IP address of the server or the originator has NOTHING to do with where bounces get sent.

The IP address traces are good, however, for determining the TRUE ORIGIN of the message.  In this case:

Received: from [89.132.16.25] (helo=adsl-59841019.monradsl.monornet.hu)
        by mx.perfora.net (node=mxus3) with ESMTP (Nemesis),
        id 0MKvAI-1FdUMZ2byL-0001DC for myaddress@domain.com; Tue, 09 May 2006 11:43:04 -0400
Received: from scan.telenor.net
        by adsl-59841019.monradsl.monornet.hu (Postfix) with ESMTP id 5ABA10F153
        for <myaddress@domain.com>; Tue, 9 May 2006 10:45:17 -0500
Received: from 210.179.222.119
        by scan.telenor.net (8.12.8/8.12.8/Submit) id g3mk4uSdOGbZkI
        for <myaddress@domain.com>; Tue, 9 May 2006 10:45:17 -0500

Shows where this message came from.  The TOP "Received" line is genuine, the bottom 2 are faked (in all likelihood) since they don't look "right" and are not where an email message should have come from.  (It takes a little practice reading these.)  So this SPAM originated at IP = 89.132.16.25 which is indeed hostname:

adsl-59841019.monradsl.monornet.hu

Probably some hijacked desktop computer in Hungary being used as a part of a botnet.  But if the "To:" address were wrong, the server that received this message would BOUNCE it to:

mahbuburkatj@grameenphone.com

Which is the purported sender of the message, but is not really.


What can you do about this?  Nothing much.  The way SMTP (i.e. the EMAIL sending protocol) works lets you send any message you want with any return address you want.  In fact SPAMMERS use this to their advantage when they can't send email directly to a destination.  They intentionally send to a bogus address with YOUR email address as the "From" address.  Then the server in question, which might be configured to prevent SPAM relay, will gladly deliver the SPAM to YOU as a bounced email.



0
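The header-reading step described in the post above, as an added example that is not part of jhance's post: it walks the `Received` chain from the top, stops at the hop stamped by your own provider's MX, and returns the peer IP that MX recorded plus the lower hops that cannot be verified. The function name `trusted_origin` and the `trusted_mx` parameter are chosen here; the code assumes you know the hostname your MX writes in its `by` clause (`mx.perfora.net` in the sample).

```python
import re
from email import message_from_string

# Received headers copied from the sample message quoted in the post above.
SAMPLE = """\
Received: from [89.132.16.25] (helo=adsl-59841019.monradsl.monornet.hu)
        by mx.perfora.net (node=mxus3) with ESMTP (Nemesis),
        id 0MKvAI-1FdUMZ2byL-0001DC for myaddress@domain.com; Tue, 09 May 2006 11:43:04 -0400
Received: from scan.telenor.net
        by adsl-59841019.monradsl.monornet.hu (Postfix) with ESMTP id 5ABA10F153
        for <myaddress@domain.com>; Tue, 9 May 2006 10:45:17 -0500
Received: from 210.179.222.119
        by scan.telenor.net (8.12.8/8.12.8/Submit) id g3mk4uSdOGbZkI
        for <myaddress@domain.com>; Tue, 9 May 2006 10:45:17 -0500
"""

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def trusted_origin(raw, trusted_mx):
    """Return (peer_ip, unverified_hosts).

    Each server prepends its own Received line, so the first line from the
    top whose 'by' host is one of our MX names (assumption: caller knows
    them) was written by a machine we trust. Everything below it arrived
    as part of the message and may have been forged by the sender.
    """
    hops = message_from_string(raw).get_all("Received") or []
    for i, hop in enumerate(hops):
        flat = " ".join(hop.split())          # unfold continuation lines
        by = BY_RE.search(flat)
        if by and by.group(1).lower() in trusted_mx:
            ip = IP_RE.search(flat.split(" by ", 1)[0])   # look in 'from' clause only
            below = [BY_RE.search(" ".join(h.split())) for h in hops[i + 1:]]
            return (ip.group(1) if ip else None,
                    [m.group(1) for m in below if m])
    return None, []
```
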
 
giltjr Commented:
jhance, you are correct.  My comment was based on what I understood the problem to be, which after re-reading the question I misunderstood.

I thought that he meant that valid e-mail from him was being bounced back, as in his domain was blacklisted and that he believed this was being done because somebody spoofed his domain name.

After re-reading it, that is most likely not the case and it is what you posted.  Somebody sent e-mail making it appear it was from him and the reject was sent to him.

Which there is nothing that can be done about this for the time being.
0
 
jhance Commented:
No problem.  Generally your IP won't get blacklisted from a domain name.  Any such blacklist would quickly become useless since any domain name can be (and in fact _is_) used by anyone in the SPAM "business".  A blacklist should not detect SPAM as a bounced message but rather should be looking only at the SOURCE or, if relayed, the RELAY server of the SPAM.

A pet-peeve of mine are the misconfigured "SPAM" detectors that bounce SPAM to the "sender" when, in fact, the person listed as the sender had nothing to do with the message and, more importantly, can do NOTHING about the SPAM.  Admins who contribute to the SPAM problem by having their systems send back "SPAM" receipts should be reserved a special place in hell where they have to receive SPAM bounces all day and night...
0
 
j_gordon (Author) Commented:
Okay, so if there's not a whole lot I can do to prevent it from happening, how would I go about at least preventing my inbox from being flooded with hundreds of bounce-backs every day?

I do not host the server at all myself, by the way. But I do have access to creating new email accounts and email filters.
0
 
Kyanar Commented:
You could set up anti-spam software such as POPFile (http://popfile.sourceforge.net) and retrieve all your email through it... it takes a bit to "teach" it what is good and what is not, but pretty soon it would catch most of your spam.
0
 
r-k Commented:
Yes, or your email client may have some filters you could create to route all bounced mail to a special folder other than your Inbox.
0
 
ahoffmann Commented:
> .. how would I go about at least preventing my inbox from being flooded  ..
again: you cannot.
You only can use a MUA which has a filter to trash unsolicited mails, but they all reach your inbox first.
0
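One way to build the client-side bounce filter discussed in the last few comments, as an added example that is not from any poster in this thread: it recognises a bounce, pulls the headers of the returned message out of it, and files the bounce as backscatter when that message's Message-ID was not generated by a host you send from. The sample bounce, the `.example` hostnames and the name `classify_bounce` are constructed for illustration; it assumes your real outgoing mail carries Message-IDs from hosts you can list and that the bouncing server included the original headers.

```python
from email import message_from_string

# Constructed sample: a bounce for a message you never sent.
BOUNCE = """\
Return-Path: <>
From: MAILER-DAEMON@mx.remote.example
To: fake123@mydomain.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

User unknown.
--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.remote.example

Final-Recipient: rfc822; nobody@remote.example
Action: failed
Status: 5.1.1
--b1
Content-Type: text/rfc822-headers

From: fake123@mydomain.example
Message-ID: <20060509.1@bulk.invalid>
--b1--
"""


def classify_bounce(raw, my_msgid_hosts):
    """Return 'not-a-bounce', 'genuine', 'backscatter' or 'unknown'."""
    msg = message_from_string(raw)
    is_bounce = (msg.get_content_type() == "multipart/report"
                 or msg.get("Return-Path", "").strip() == "<>")
    if not is_bounce:
        return "not-a-bounce"
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":            # full original attached
            original = part.get_payload(0)
        elif ctype == "text/rfc822-headers":     # only its headers attached
            original = message_from_string(part.get_payload())
        else:
            continue
        mid = original.get("Message-ID", "")
        host = mid.strip().strip("<>").rpartition("@")[2].lower()
        return "genuine" if host in my_msgid_hosts else "backscatter"
    return "unknown"                             # bounce without original headers
```

Bounces classified as `unknown` carry no copy of the original headers, so they still need a manual look or a separate folder.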
