Recently, I’ve started getting more “bounced” or backscatter email returned to me, as if I was the sender… These messages are SPAM, and are not sent from my account, not from my domain, and not from my hosting service. Someone is generating email messages and forging or spoofing the sender address to make it look like it was sent from another account. It is really simple to do this, but it is also easy to block it.
There are several systems like Sender Policy Framework (SPF) and Yahoo’s DomainKeys Identified Mail, or the DMARC system, that can validate that email messages were sent from an approved email server or gateway. They use a specially formatted text record in the domain’s Domain Name Service (DNS) records to identify the correct originating server. If an email with a spoofed sender is sent from an unauthorized email system it can be rejected.
So, if you have found my site because you think that I have sent you SPAM or are trying to extort you for a BitCoin payment, please recognize that it didn’t actually come from me… Your email client should have an option to show you the entire message header, and you should be able to see that the email actually came from someone else, likely in another country.
We need to continue to press our internet service providers to leverage the spectrum of anti-spam tools, including things like SpamHaus DNSBL, SPF, DKIM or DMARC, as well as offering filtering tools like SpamAssassin or commercial products or services to manage the influx of junk email.