How can spammers use my email

How is it possible that spammers are sending out mail with my email address?

Today, nearly all abusive e-mail messages carry fake sender addresses. The victims whose addresses are being abused often suffer from the consequences, because their reputation gets diminished and they have to disclaim liability for the abuse, or waste their time sorting out misdirected bounce messages.

You probably have experienced one kind of abuse or another of your e-mail address yourself in the past, e.g. when you received an error message saying that a message allegedly sent by you could not be delivered to the recipient, although you never sent a message to that address.

Sender address forgery is a threat to users and companies alike, and it even undermines the e-mail medium as a whole because it erodes people's confidence in its reliability. That is why your bank never sends you information about your account by e-mail and keeps making a point of that fact.

This is technique that has been used by spammers for years. In any email client there are settings where you input the from email address and name to be displayed when sending mail. There is nothing to prevent you from sending an email to a friend that has a from email that says bill.gates@microsoft.com. Now of course if your friend replies to the email, it will go to Bill Gates and not you.

When a spammer sends email they dynamically rotate the from email addess using random emails. The addresses they choose are usually random, but the domain name is real. For example, they would send 100 emails with the from email john@yourdomain.com, then the next 100 emails would be from mary@yourdomain.com or they could send 1 million emails with your email as the from address.

When these emails are sent out, some will bounce because the address is invalid, or the users mailbox is full, or when people receive these emails some will hit the reply button to complain, and by hitting reply it will go to you. There is nothing you can do to help the person complaining and we recommend that you just delete the email and forget about it.

What can be done?

SPF DNS Entry There is only one thing that can be done to hinder the ability of spammers to send mail with your domain name. You will need to request that your dns provider add an entry into your dns file called a SPF. This entry will specify the mail servers that are allowed to send mail with your domain name. When other mail servers receive mail, they should check for a SPF entry, and if it exists check to see that the email came from that server. If it doesn't they other mail server will delete the message. The problem is that the vast majority of mail servers do not do this check, so it will not stop the spammers, but any intelligent spammer will not choose to use a domain with a SPF entry, because it will reduce the amount of mail that gets delivered.

Important Note: If you create an SPF file you can ot send email from any other mail servers than those specified in the entry. If you try to send email from a server that is not listed much of the mail will not get delivered. For example, it is common for companies to send newsletters from third party providers. If they don't find out the ip address of this provider and add it to the SPF file the emails will get blocked.

Remove any email dump accounts
It is a common practice to have an entry in your email server like @yourdomain.com that tells the email server to accept any email address at your domain name. We do not recommend doing this, because it means you will get any random email that someone uses to send you mail. Removing the dump account will not stop the spammers, but it will reduce the amount of junk mail you see in your inbox.