How to Limit the Damage of Domain Spoofing

Brent Arias asked:

My e-mail account, for my privately run business which I’ll call “VeryCoolCompany”, is starting to receive bounce-backs for users who don’t exist, like these:

[email protected]
[email protected]

In short, somebody is sending e-mails which pretend to be from my company.

No, they are not using my servers to do this. To be precise, my business e-mail is actually a Gmail account in disguise; it is rigged up to my company domain name.

Nevertheless, if there is something I can or should do about this – I’d like to know. For example, does it make sense to contact Google? If so, then how? Or do I need to just suck-up and ignore the potential fallout from this?

My answer:


Congratulations, you’ve just received your first backscatter spam.

Unfortunately, the root cause of backscatter spam is badly configured mail servers which accept a message before determining that it’s undeliverable and then attempt to return it to the “From:” address, which is obviously fake.

If there aren’t a lot of them, you can forward them to postmaster @ the domain of the mail server from which you received the message, to report the problem. This relies on the hope that someone at the other side has a clue. (I actually did this today for two backscatter messages. For one, the mail to postmaster bounced, and I reported that to rfc-ignorant.org. That was somebody’s Exchange server in Kenya…no surprise there.)

One thing you can definitely do is to stop using a catch-all email address, and only set up the specific addresses you need.


View the full question and any other answers on Server Fault.
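
A sketch of the triage the answer describes, added here as an example and not part of the original answer: it parses a bounce in the standard delivery-status (RFC 3464) layout, flags it as backscatter when it is addressed to a mailbox that was never set up, and derives the postmaster address of the reporting server. The sample message, `triage_bounce`, `real_mailboxes` and every host name are constructed for illustration, and it assumes all mail you really send comes from a known mailbox.

```python
import email
from email import policy

# Constructed sample bounce (RFC 3464 layout); every host and address is made up.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: qzx81@verycoolcompany.example
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The message could not be delivered.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1

--b1--
"""

def triage_bounce(raw, real_mailboxes):
    """Classify a bounce and work out which postmaster to notify."""
    msg = email.message_from_string(raw, policy=policy.default)
    bounced_to = msg["To"].addresses[0].addr_spec.lower()
    result = {"bounced_to": bounced_to,
              # Assumption: a bounce sent to a mailbox we never created
              # cannot be a reply to mail we actually sent.
              "backscatter": bounced_to not in real_mailboxes,
              "reporting_mta": None, "postmaster": None, "failed": []}
    for part in msg.walk():
        if part.get_content_type() != "message/delivery-status":
            continue
        # The parser returns one header block per group: per-message, then per-recipient.
        for block in part.get_payload():
            if block["Reporting-MTA"]:
                host = str(block["Reporting-MTA"]).split(";", 1)[-1].strip()
                result["reporting_mta"] = host
                result["postmaster"] = "postmaster@" + host
            if block["Final-Recipient"]:
                rcpt = str(block["Final-Recipient"]).split(";", 1)[-1].strip()
                result["failed"].append((rcpt, str(block["Status"])))
    return result
```

Bounces that do not use the delivery-status layout leave `reporting_mta` empty; for those, the server name has to be read from the topmost `Received:` header by hand.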

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.