how to stop spoofed email addresses?

[ricks99]

First, I'll chime in and say I love bluehost -- great host at a great price.

Now, my problem:
I'm seeing a lot of "spoofed emails" that appear to be coming from my domain (foo@mybluehostdomain.com). These are obviously spoofs and invalid email address. Is there any way to stop this? I don't want folks to think that they're being spamed from me.

Also, I see a lot of email being sent to my domain to an invalid email address (such as someunknownuser@mybluehostdomain.com). Other than turning off the "catch-all" email address, is there a way to stop this?

Thanks,

-R

[smiffy]

Other than turning off the "catch-all" email address, is there a way to stop this?

That's the problem when using a catch-all email address. It means every email sent to anyname@yourdomain will get through which gives spammers a broad target to shoot at.

If you limit your email addresses to those that are essential, 95% of spam sent to your domain will get bounced. Takes only a few minutes to set up and saves you loads of time dealing with spam.

[thirstee]

Talk to Tech Support about setting up an SPF (spoof) record. It stops all email that did not originate from a list of domains that you send out mail from. i.e. business email, home email (basically all the smtp's that you are using). I had a similar problem at a previous isp and they couldnt solve it, I spoke to BH tech support prior to signing up and they told me about the spf and set me up that day and have not had the problem at all.
Good Luck!

[jdh]

An SPF (Sender Policy Framework) record will certainly help the situation (you can read more about how this works here), but you should keep in mind this is not completely foolproof, as it requires the receiving organization to support SPF or SenderID (Microsoft's implementation of SPF).

Basically, you publish an SPF record in your DNS (or in this case have Bluehost do it for you) that identifies those mail servers that are allowed to send mail representing your domain name. Any receiving server that supports SPF/SenderID will check for the SPF record and reject the e-mail in some fashion if it didn't come from a permitted mail server.

This rejection could take the form of silently discarding the message, bouncing it back to the sender, or moving it to the user's junk mail folder, so even the specific implementations are slightly different.

Some of the major web e-mail services are now starting to support this technology, but it's still not in widespread use, so it's not a foolproof solution to ensure that nobody ever gets an e-mail with your domain or e-mail address in the "from" line.

[thirstee]

But is that probably the best choice for now?

[walker]

Basically, you publish an SPF record in your DNS (or in this case have Bluehost do it for you) that identifies those mail servers that are allowed to send mail representing your domain name. Any receiving server that supports SPF/SenderID will check for the SPF record and reject the e-mail in some fashion if it didn't come from a permitted mail server.

That's fantastic. I didn't know that. Invalid emails at my domain have been used in the past (about three/four years ago) for spam runs. This is good to know should it ever happen again. Very impressive that Bluehost would enable it for users too.

[jdh]

But is that probably the best choice for now?

Well, to be fair that's probably the only choice for now. I guess the short answer is that something is better than nothing.

There was some discussion that Hotmail was going to start enforcing SPF records as part of Microsoft's SenderID specification last November, which would have meant that anybody without an SPF record for their domain wouldn't be able to send to Hotmail users. Realistically, I don't think they ended up being able to do this. As far as I know, Hotmail will read and use an SPF record if it exists, but it does not yet require an SPF record.

Bottom line is that it's certainly not going to hurt to have an SPF record put in, as long as it's properly constructed (and I'm assuming Bluehost's staff can figure this out for you, since they know which mail servers are involved).

It's just important that you don't expect this to actually be a full solution to the problem, since there are a lot of systems out there that don't support it (in other words, don't assume that once you put this in that others could implicitly trust all mail from your address as actually coming from you).

[thirstee]

Yes, like Isaid before. I contacted Bluehost prior to buying services with them. They said its a simple 1 line record. They added it for me at the time of signup and now forot he p[ast few months, have not had the problem. My old crappy host just blamed it onme and turned off my account without warning saying it was too much bandwidth on their servers. They said they were getting 100k + bounces per hour and never hear of a SPF record! Such morons! It took 1 call from a non customer to see BH knows their stuff! Thanks Bluehost!

[ricks99]

Thanks for the suggestions. I've turned off my "catch-all" address. Hopefully this will help.

[vegasgwm]

I cam across this and i think its a great thing to know. I too have a serious spoofing problem that worries me. I'm gonna nip it in the butt right now. Thanks for the great advice.