What to do if your email address is being spoofed
Let’s get started…
What is spoofing?
Spoofing means that a spammer is sending email with forged headers to appear to have originated from your email address. This is a tactic used by spammers for various reasons:
- As an attempt to evade spam filtering by sending mail with a legitimate from/reply-to address.
- To prevent bounce-back notifications being returned to the spammer’s own mailbox.
- It could also be a result of a friend or colleague’s mailbox being hacked and then targeted with spam mail from addresses in their contacts list. When the message is rejected by spam filters, the bounce-back is returned to the reply-to address included in the forged headers of the spam mail.
How to identify if your mailbox is compromised or if your address is being spoofed?
The first sign of your email being spoofed is bounce-back messages for emails you have not sent. Or you may see spam emails that show as coming from your own email address appearing in your inbox.
It should be possible to identify spoofed emails by looking at the message headers included in any bounce-back emails being returned to your mailbox. O you can check the headers of a spam email showing from your own email address. These headers will provide details of the server/IP address that the messages have originated from.
If you are not sure how to see your email headers a guide can be found here.
We would recommend contacting the LCN support team for any help with checking this, so that appropriate action can be taken to secure your mailbox.
What can I do?
Unfortunately, there isn’t much that can be done to stop email spoofing from happening. However, there are measures that you can take to make sure that other mail providers can identify and block these messages as spam. One step you can take to help make sure that only genuine messages sent from your address will be accepted by other mail providers is to configure a Sender Policy Framework (SPF) record for your domain.
SPF records specify which mail servers can send email on behalf of your domain. When an email is received, the receiving mail server uses the SPF record to check that mail is being sent by an authorised mail server. If not the mail can be rejected as spam.
For details on how to add an SPF record see our guide here.
By default, the SPF policy for domains hosted with LCN is set to neutral. This is applied in case you need to send outgoing mail from any servers other than the LCN mail server.
You can change the SPF policy for your domain to a strict policy. This will specify that only servers included in the SPF record can send mail from addresses at your domain.
This is applied by changing the flag at the end of the record to: -all
If you are not sure how to configure the SPF record for your domain we’d recommend you get in touch with the LCN support team.
That’s it! You have now taken measures to help prevent your email from being spoofed.