I really enjoyed being able to register new accounts or subscriptions for different services under a dedicated e-mail address. But recently I noticed that I regularly receive “Delivery Failures” and “Out of office replies” for mails I have never sent. It was obvious that somebody had started to use my domain for sending SPAM e-mails to various addresses, and for each recipient who was not reachable or had an auto-reply activated, a corresponding message came back to my inbox. Just as perfectly summarized by the Open SPF Project:
> Today, nearly all abusive e-mail messages carry fake sender addresses. The victims whose addresses are being abused often suffer from the consequences, because their reputation gets diminished and they have to disclaim liability for the abuse, or waste their time sorting out misdirected bounce messages.
All of this happened because I had a feature enabled that redirects anything sent to any e-mail address @mydomain to my personal e-mail account. This is not only annoying: your domain could also get blacklisted as soon as some big SPAM protection services notice that this kind of mail is being sent from your domain, which results in any future mail you send from it being blocked, even mail you really did send yourself.
Thanks to a very detailed forum post on Digital Point, I got some ideas on how to (quickly) stop receiving these messages and, hopefully, avoid getting my domain blacklisted. I have summarized the actions I took below, so this might also help anybody who runs into the same issue with a personal domain.
- Disable the feature that forwards any e-mail sent to any address @yourdomain
- Enable (if available) SPAM protection for OUTGOING e-mails
- For each e-mail address @yourdomain on which you want to receive messages, create a corresponding e-mail alias
With those basic changes, you should be able to stop basically all unwanted replies to SPAM e-mails sent from your domain. They will probably not be 100% sufficient to prevent somebody from abusing your domain for their own SPAM e-mail messages. That part is much more advanced and usually requires fairly broad access to your e-mail server. Refer to the linked forum post for additional settings in this area.
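Before switching off the forwarding feature, it helps to know which addresses actually need an alias. The script below is an added example, not part of the original post or the linked forum thread: it sorts the addresses seen in an inbox into those that received normal mail and those hit only by bounces or auto-replies. The domain `example.com`, the sample messages and the function names are assumptions made for illustration.

```python
import email
from email.utils import getaddresses

# Constructed sample inbox (not real traffic); example.com stands in for your domain.
SAMPLE_INBOX = [
    "Return-Path: <news@shop.test>\nTo: shop@example.com\nSubject: Your order\n\nThanks!",
    "Return-Path: <>\nTo: qx71@example.com\nSubject: Undelivered Mail Returned to Sender\n"
    'Content-Type: multipart/report; report-type=delivery-status; boundary="b"\n\n--b--\n',
    "Return-Path: <anna@corp.test>\nTo: jk22@example.com\nSubject: Out of office\n"
    "Auto-Submitted: auto-replied\n\nI am away.",
    "Return-Path: <alerts@bank.test>\nTo: bank@example.com\nSubject: Statement\n\nReady.",
]


def is_automated(msg):
    """Heuristic: bounce or auto-reply, judged by standard headers only."""
    null_sender = msg.get("Return-Path", "").strip() == "<>"  # bounces use the empty sender
    auto_reply = msg.get("Auto-Submitted", "no").strip().lower() != "no"  # RFC 3834
    dsn = str(msg.get_param("report-type", "")).lower() == "delivery-status"  # RFC 3464
    return null_sender or auto_reply or dsn


def triage(raw_messages, domain):
    """Return (local parts that got normal mail, local parts hit only by automated mail)."""
    wanted, automated = set(), set()
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        bucket = automated if is_automated(msg) else wanted
        # Assumption: the To header shows the address the mail was delivered to.
        for _name, addr in getaddresses(msg.get_all("To", [])):
            local, _, dom = addr.lower().rpartition("@")
            if dom == domain:
                bucket.add(local)
    return sorted(wanted), sorted(automated - wanted)


if __name__ == "__main__":
    aliases, noise = triage(SAMPLE_INBOX, "example.com")
    print("create aliases for:", aliases)
    print("only bounces/auto-replies:", noise)
```

Review the second list before acting on it: an address you really did send mail from, and which so far received only an out-of-office reply, will show up there as well.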