• Hi,
    I installed the plugin in conjunction with SendGrid. Sending forms is working fine. I have noticed, however, that I am receiving a lot of spam emails sent from my own domain name! The sender is wordpress@mydomain name
    How is that happening? How can spammers use my own domain name to send their emails? Is there a configuration I can change to stop spammers from using my domain to send emails?

Viewing 1 replies (of 1 total)
  • Plugin Author Jason Hendriks

    (@jasonhendriks)

    How is that happening?

    Simply, the From: address in email is normally never authenticated. Anyone can set any From: address they like and hit send. (If you think about it, didn’t Postman ask you what the From: address you wanted to use was?) This is how phishing works. Some spammer sends an email from [email protected] and there’s nothing there to indicate that it isn’t actually from you.

    How can spammers use my own domain name to send their emails?

    Well, the domain in the From: address may have been your domain, but it’s not likely they used your own server to send it. Anyone can set up an SMTP server on the Internet to send mail. That’s the strength (and weakness) of SMTP. An SMTP server that allows connections from anywhere, to send mail to anywhere, is known as an open relay.

    Is there a configuration I can change to stop spammers from using my domain to send emails?

    Actually, there are two. One is known as DKIM and the other is known as SPF. If you tried to set up your Postman to send email with my address, it would likely fail. Let’s take a look at the DNS configuration for my domain to understand why:

    Jasons-Mac-Pro:Downloads jasonhendriks$ dig txt hendriks.ca
    
    ; <<>> DiG 9.8.3-P1 <<>> txt hendriks.ca
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24741
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;hendriks.ca.			IN	TXT
    
    ;; ANSWER SECTION:
    hendriks.ca.		3599	IN	TXT	"v=spf1 include:_spf.google.com -all"
    
    ;; Query time: 48 msec
    ;; SERVER: 10.0.1.1#53(10.0.1.1)
    ;; WHEN: Fri Dec 30 00:42:47 2016
    ;; MSG SIZE  rcvd: 77
    

    The output of the command dig txt shows that my domain, hendriks.ca, has a TXT record that indicates the only approved SMTP server is google.com. If any SMTP server on the Internet that obeys SPF (and that’s most of the big ones) receives an email with a From: address of hendriks.ca that didn’t originate from google.com, it should be deleted.

    FYI, some mail services, like Gmail, will increase the spam score for emails that don’t arrive with an SPF tag. This is the number one cause for “vanishing email”.

    Ask your email service provider about configuring your domain’s SPF TXT record. This guide may help: https://www.mail-tester.com/spf/

    Cheers,
    Jason
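
How a receiving server applies an SPF record like the one in the reply above, as an added example that is not part of the original thread or the plugin's code. It evaluates only the ip4, ip6, include and all mechanisms against an in-memory table instead of live DNS; the address ranges under `_spf.google.com` and the `example.org` entry are constructed sample data, and `check_spf` is a hypothetical helper name.

```python
import ipaddress

# Constructed TXT data standing in for DNS. Only the hendriks.ca record comes
# from the thread; the include target's ranges are documentation networks,
# not Google's real ones, and example.org is a made-up domain without SPF.
TXT = {
    "hendriks.ca": "v=spf1 include:_spf.google.com -all",
    "_spf.google.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 ~all",
    "example.org": "site-verification=constructed",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(ip, domain, depth=0):
    """Evaluate a subset of RFC 7208 for a connecting IP and the domain of
    the SMTP envelope sender (MAIL FROM)."""
    if depth > 10:                      # simple guard against include loops
        return "permerror"
    terms = TXT.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                   # no policy published for this domain
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if addr.version == net.version and addr in net:
                return RESULTS[qualifier]
        elif name == "include":
            inner = check_spf(ip, arg, depth + 1)
            if inner == "pass":         # only a pass inside the include matches
                return RESULTS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"
        # other mechanisms (a, mx, exists, ...) are skipped in this subset
    return "neutral"                    # nothing matched and no "all" term

if __name__ == "__main__":
    for ip, dom in [("192.0.2.25", "hendriks.ca"), ("203.0.113.9", "hendriks.ca"),
                    ("203.0.113.9", "example.org")]:
        print(ip, dom, check_spf(ip, dom))
```

The third case is the one that matters for a domain with no SPF record: the result is `none`, so the receiver has no published policy to reject the message on.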

  • The topic ‘Spam Emails Sent Through my Domain’ is closed to new replies.