Sat 3 Mar 2007
Domain Spoofing Follow-up
By jrwi
As a follow-up to this post about my domain being spoofed by spammers, a quick note on what I did about it and the current situation.
Firstly, I investigated just to make sure that they were spoofing the address, and hadn’t in some way accessed my account or the mail servers from my ISP. It certainly didn’t look this way from what I could see through my account settings, but I changed my passwords and all that, just in case. I then wrote to my domain hosts, Nativespace, explaining the situation and asking them to confirm that my account itself hadn’t been compromised and wasn’t being used to actually send the spam. They responded very quickly with some suggestions, including just failing the returned emails (although I wasn’t concerned about these, more on that in a moment), and this:
Secondly, you can look into generating an SPF record at openspf.org. While this doesn’t guarantee that it will prevent spoofing, it may assist you.
So I did. I won’t go into the details of SPF records here, the site linked above is obviously your best bet for that, other than just to say that I used the excellent wizards to generate records for each of my domains hosted at Nativespace, sent the records by email to support who then did the necessary with them. Excellent service, very quick, friendly and completely lacking the patronizing attitude some support teams seem to exude.
This was back on the 18th Feb. I’ve no idea if it’s made any difference, but the bounced mail from the spoofed spam has dried up now, either way, with the last serious block coming in about 3 or 4 days ago, with only one or two stragglers from that lot arriving today. I kinda expected that they’d eventually stop anyway, so it’s not clear at all if the SPF records make any difference, but they probably don’t do any harm either.
I wasn’t bothered about the bounced mails coming in because I simply set up a filter on my GMail account to label mails to the spoofed address as such and archive them. This way I was able to monitor the situation. At the moment, I have c.7500 mail items labeled ‘spoofed’. God only knows what percentage of the totals sent out they represent.