Someone is spamming using addresses at my domain
Symptom: The client reports they are receiving bounce notices of failed email delivery for emails they did not send. A review of the content of the bounced mail indicates it is spam.
Cause: A spammer is using addresses at the client domain as the return or reply-to address in their spam.
Resolution: Unfortunately, there is no resolution. Nothing prohibits anyone from using a return address at another's domain. The only course of action is to delete (or filter) the bouncing messages until the spam run is over. When possible, the full original message should be reviewed on random bounces to determine if there is a single origination point for the spam. If so, an abuse complaint can be made to the administrator of that network or system. If the spam is being sent through multiple proxies or open relays, filing abuse complaints is much more difficult. If there is a common URL or domain name in the body of the message, complaints can be made to the location where the URL is hosted and to the registrar for the domain.
To help control bounces arriving at the default address in use, a system-level filter is available and in place on all servers. However, this is dependent on the default address being set to :fail: ("discard at SMTP time with an error" from the default address option in the control panel). In general, the use of the default address is not recommended. Instead, create standalone mailboxes or forwarders for valid addresses, and then set the default address as noted above. This will filter bounces returning to random addresses at the domain and lessen the effects of the bounces that are returning to the network.
Cause: A spammer is using addresses at the client domain as the return or reply-to address in their spam.
Resolution: Unfortunately, there is no resolution. Nothing prohibits anyone from using a return address at another's domain. The only course of action is to delete (or filter) the bouncing messages until the spam run is over. When possible, the full original message should be reviewed on random bounces to determine if there is a single origination point for the spam. If so, an abuse complaint can be made to the administrator of that network or system. If the spam is being sent through multiple proxies or open relays, filing abuse complaints is much more difficult. If there is a common URL or domain name in the body of the message, complaints can be made to the location where the URL is hosted and to the registrar for the domain.
To help control bounces arriving at the default address in use, a system-level filter is available and in place on all servers. However, this is dependent on the default address being set to :fail: ("discard at SMTP time with an error" from the default address option in the control panel). In general, the use of the default address is not recommended. Instead, create standalone mailboxes or forwarders for valid addresses, and then set the default address as noted above. This will filter bounces returning to random addresses at the domain and lessen the effects of the bounces that are returning to the network.
Updated on: 21/06/2022
Thank you!