Brent Arias asked:
My e-mail account, for my privately run business which I’ll call “VeryCoolCompany”, is starting to receive bounce-backs for users who don’t exist, like these:
[email protected]
[email protected]
In short, somebody is sending e-mails which pretend to be from my company.
No, they are not using my servers to do this. To be precise, my business e-mail is actually a g-mail account in disguise; it is rigged up to my company domain name.
Nevertheless, if there is something I can or should do about this – I’d like to know. For example, does it make sense to contact google? If so, then how? Or do I need to just suck-up and ignore the potential fallout from this?
My answer:
Congratulations, you’ve just received your first backscatter spam.
Unfortunately, the root cause of backscatter spam is badly configured mail servers which accept a message before determining that it’s undeliverable and then attempt to return it to the “From:” address, which is obviously fake.
If there aren’t a lot of them, you can forward them to postmaster @ the domain of the mail server from which you received the message, to report the problem. This relies on the hope that someone at the other side has a clue. (I actually did this today for two backscatter messages. For one, the mail to postmaster bounced, and I reported that to rfc-ignorant.org. That was somebody’s Exchange server in Kenya…no surprise there.)
One thing you can definitely do is to stop using a catch-all email address, and only set up the specific addresses you need.
View the full question and any other answers on Server Fault.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.