Email is sent as plain-text. Because of this, there is no verification of any of the email content, including the sender "From" address.
Spammers exploit this by constructing random From addresses and eventually every domain owner will have some spammer send out email "From" your domain that really is not from your domain or coming from your site or email servers.
Luckily, almost all email users figure out right away that the from address on spam is usually fake so it is rare for someone to contact you about this when it happens.
In most cases, the "second victim", you, the domain owner spoofed in the from address does not even know that they were spoofed...except in one case.
Whenever the domain owner is using a catch-all email address, which is the setting named "Default Address" in the email control panel, then any email to their domain will go into the default email account.
In this special case, all of the email failure messages bounce back to the spoofed domain and right into the default email inbox.
There are multiple ways to solve this problem, but the easiest and most effective is to turn off the default address setting.
If you currently have a few "virtual" addresses at your domain, such as sales@ or support@, you will want to create a specific forwarder for each of those and then set the Default Address setting to the Fail:: option instead.
There are also a few anti-spoof, anti-spammer combat methods that can be activated to discourage the use of your domain as a fake From address, but they will create extra work and effort for you to use so most people don't care enough to add personal inconvenience to themselves.
Please let us know if you would like help turning off the Default Address or if you would like more information on anti-spoof tactics.
Thank You,
Gem3 Support
- 0 Users Found This Useful
