Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: how to stop spoofed email addresses?

  1. #1

    Default how to stop spoofed email addresses?

    First, I'll chime in and say I love bluehost -- great host at a great price. :)

    Now, my problem:
    I'm seeing a lot of "spoofed emails" that appear to be coming from my domain (foo@mybluehostdomain.com). These are obviously spoofs and invalid email address. Is there any way to stop this? I don't want folks to think that they're being spamed from me.

    Also, I see a lot of email being sent to my domain to an invalid email address (such as someunknownuser@mybluehostdomain.com). Other than turning off the "catch-all" email address, is there a way to stop this?

    Thanks,

    -R

  2. #2
    Join Date
    Feb 2006
    Posts
    26

    Default

    Quote Originally Posted by ricks99
    Other than turning off the "catch-all" email address, is there a way to stop this?
    That's the problem when using a catch-all email address. It means every email sent to anyname@yourdomain will get through which gives spammers a broad target to shoot at.

    If you limit your email addresses to those that are essential, 95% of spam sent to your domain will get bounced. Takes only a few minutes to set up and saves you loads of time dealing with spam.

  3. #3
    Join Date
    Feb 2006
    Posts
    23

    Default

    Talk to Tech Support about setting up an SPF (spoof) record. It stops all email that did not originate from a list of domains that you send out mail from. i.e. business email, home email (basically all the smtp's that you are using). I had a similar problem at a previous isp and they couldnt solve it, I spoke to BH tech support prior to signing up and they told me about the spf and set me up that day and have not had the problem at all.
    Good Luck!

  4. #4
    Join Date
    Feb 2006
    Posts
    28

    Default

    An SPF (Sender Policy Framework) record will certainly help the situation (you can read more about how this works here), but you should keep in mind this is not completely foolproof, as it requires the receiving organization to support SPF or SenderID (Microsoft's implementation of SPF).

    Basically, you publish an SPF record in your DNS (or in this case have Bluehost do it for you) that identifies those mail servers that are allowed to send mail representing your domain name. Any receiving server that supports SPF/SenderID will check for the SPF record and reject the e-mail in some fashion if it didn't come from a permitted mail server.

    This rejection could take the form of silently discarding the message, bouncing it back to the sender, or moving it to the user's junk mail folder, so even the specific implementations are slightly different.

    Some of the major web e-mail services are now starting to support this technology, but it's still not in widespread use, so it's not a foolproof solution to ensure that nobody ever gets an e-mail with your domain or e-mail address in the "from" line.

  5. #5
    Join Date
    Feb 2006
    Posts
    23

    Default

    But is that probably the best choice for now?

  6. #6
    Join Date
    Feb 2006
    Posts
    81

    Default

    Quote Originally Posted by jdh
    Basically, you publish an SPF record in your DNS (or in this case have Bluehost do it for you) that identifies those mail servers that are allowed to send mail representing your domain name. Any receiving server that supports SPF/SenderID will check for the SPF record and reject the e-mail in some fashion if it didn't come from a permitted mail server.
    That's fantastic. I didn't know that. Invalid emails at my domain have been used in the past (about three/four years ago) for spam runs. This is good to know should it ever happen again. Very impressive that Bluehost would enable it for users too.

  7. #7
    Join Date
    Feb 2006
    Posts
    28

    Default

    Quote Originally Posted by thirstee
    But is that probably the best choice for now?
    Well, to be fair that's probably the only choice for now. I guess the short answer is that something is better than nothing.

    There was some discussion that Hotmail was going to start enforcing SPF records as part of Microsoft's SenderID specification last November, which would have meant that anybody without an SPF record for their domain wouldn't be able to send to Hotmail users. Realistically, I don't think they ended up being able to do this. As far as I know, Hotmail will read and use an SPF record if it exists, but it does not yet require an SPF record.

    Bottom line is that it's certainly not going to hurt to have an SPF record put in, as long as it's properly constructed (and I'm assuming Bluehost's staff can figure this out for you, since they know which mail servers are involved).

    It's just important that you don't expect this to actually be a full solution to the problem, since there are a lot of systems out there that don't support it (in other words, don't assume that once you put this in that others could implicitly trust all mail from your address as actually coming from you).

  8. #8
    Join Date
    Feb 2006
    Posts
    23

    Default

    Yes, like Isaid before. I contacted Bluehost prior to buying services with them. They said its a simple 1 line record. They added it for me at the time of signup and now forot he p[ast few months, have not had the problem. My old crappy host just blamed it onme and turned off my account without warning saying it was too much bandwidth on their servers. They said they were getting 100k + bounces per hour and never hear of a SPF record! Such morons! It took 1 call from a non customer to see BH knows their stuff! Thanks Bluehost!

  9. #9

    Default Tx!

    Thanks for the suggestions. I've turned off my "catch-all" address. Hopefully this will help.

  10. #10
    Join Date
    Feb 2006
    Posts
    193

    Default Fantastic help

    I cam across this and i think its a great thing to know. I too have a serious spoofing problem that worries me. I'm gonna nip it in the butt right now. Thanks for the great advice.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •