How to Identify and Minimize Email Spoofing
Recognize the Difference Between a Compromised Email Account vs. Email Spoofing
When an email account has been compromised, a 3rd party has cracked your password and is using your account to send spam from your email server.
Email spoofing occurs when a 3rd party sender uses your email address as the FROM address in messages they are sending out using a 3rd party mail server. This makes it appear in the email headers as if the message originated from your account, even though it did not. The 3rd party has not cracked your email account password and is not using your account to send outgoing messages from your email server. Unfortunately, any bounced email messages or undeliverable messages will be sent back to your email address, listed in the FROM address. Spammers use spoofing as a tactic to make the message appear more legitimate and increase its chance of reaching a recipient.
How to Determine if Your Email Address Is Being Spoofed
Examine the full header of a returned message to see what IP address it was sent from. If the message was sent from the IP address of your server, you have likely been compromised and should contact Managed.com Support to report this. If the message was sent from an IP address other than your server's, you have been spoofed.
How to Minimize Spoofing of Your Email Address
Remember, these steps can minimize spoofing of your email address, but there is no fool-proof way to prevent spoofing.
- Add a SPF record which detects spoofing by verifying the IP address(es) of the sender.
- Mail Radar's SPF Wizard - Plesk will allow you to add a SPF record (if you tell it to create one that just says "+all"). Often it works but sometimes you will still receive a bounce back saying the record is incorrect. The Plesk record may not be specific enough. This wizard does a better job of creating the records.
- Do not post your email address in public view.
- Be careful who you share your email address with.
- Use one email account for primary communication with trusted individuals and a separate, secondary email account for your other Internet activities. You can easily close and replace the secondary account if spoofing becomes an issue without it affecting your primary account where your most important communication takes place.
- You know those funny, entertaining, or shocking email messages that friends and relatives may be sending by forwarding them to you and everyone else in their address book? Scroll down through the message and note how many times it has been forwarded and how many email addresses you can find. These messages are a gold mine for spammers to harvest email addresses from. Don't forward messages like this to others and ask them not to forward them to you. If they continue to forward them, ask that they use BCC (blind carbon copy).