I am receiving bounced emails that I did not send! It looks like someone is sending emails using my domain and email account to send spam, why is this happening?<\/p>\n
This is called a “Joe Job”. Unfortunately very little can be done about this. This actually is happening all over the internet for all domain names. SPAM or infected computers & servers constantly send spam emails to thousands of other recipients pretending to be others. The “REPLY To” (also called the “From”, and “Return-Path”) in their spam is an email address of a forged domain name (such as in this case, it is your domain).<\/p>\n
What happens is that the spam bounces, and is bouncing back to the REPLY to (which was forged by the spammer). Then you end up with the bounced email.<\/p>\n
Please see the following example. Please note that we have hidden some of the information with *** in order to keep some of the information confidential.<\/p>\n
A message that you sent could not be delivered to one or more of its\r\nrecipients. This is a permanent error. The following address(es) failed:\r\n\r\n******@tiger.jet.msk.su\r\nSMTP error from remote mailer after RCPT TO:< ******@tiger.jet.msk.su>:\r\nhost localhost.jet.msk.su [127.0.0.1]: 550-Mailbox unknown. Either there is no mailbox associated with this\r\n550-name or you do not have authorization to see it.\r\n550 5.1.1 User unknown\r\n\r\n------ This is a copy of the message, including all the headers. ------\r\n\r\nReturn-path: <youremailaccount@emailaccount.com><\/a>\r\nReceived: from [194.87.88.**] (helo=mx2.jet.msk.su)\r\nby tiger.jet.su with esmtp (Exim 4.33)\r\nid 1Jq04H-0006Gj-SJ\r\nfor ******@tiger.jet.msk.su<\/a>; Sun, 27 Apr 2008 10:08:57 +0400\r\nReceived: from uucp by mx2.jet.msk.su with spam-scanned (Exim 4.34)\r\nid 1Jq04G-0007AQ-D0\r\nfor ******@jet.msk.su<\/a>; Sun, 27 Apr 2008 10:08:57 +0400\r\nReceived: from 200-233-173-***.xf-static.ctbcnetsuper.com.br ([200.233.173.**])\r\nby mx2.jet.msk.su with esmtp (Exim 4.34)\r\nid 1Jq04F-0007A7-HL\r\nfor ******@jet.msk.su<\/a>; Sun, 27 Apr 2008 10:08:56 +0400\r\nMessage-ID: <000a01c8a82d$05897763$4cd6deb7@lhypwhxx>\r\nFrom: =?koi8-r?B?4sXT0MzB1M7PIMTM0SDhx8XO09TXIO7FxNfJ1snNz9PUyQ==?= <youremailaccount@emailaccount.com><\/a>\r\nTo: =?koi8-r?B?99nHz8TOz8Ug0NLFxMzP1sXOycUgxMzRIOHHxc7T1Ncg7sXE18nWyQ==?=\r\n=?koi8-r?B?zc\/T1Mk=?= <*** @jet.msk.su><\/a>\r\nSubject: *****SPAM***** =?koi8-r?B?4sXT0MzB1M7PIMTM0SDhx8XO09TXIO7FxNfJ1snNz9PUyQ==?=\r\nDate: Sun, 27 Apr 2008 04:27:19 +0000<\/pre>\nIn this case the spamming server is 194.87.88.**, which is a server located in Russia.<\/p>\n
The best recommendation is that you disable the catchall email function anything@yourdomain.com . By disabling it you will notice significantly less spam. Since these are forged by systems, they usually do not forged know email addresses such as youractualemail@yourdomain.com , although it can sometimes happen as well.<\/p>\n
It’s also important to note that this does not affect your business negatively from the aspect of communication with your customers. These spammers send to random email addresses, which would not be your customers. System administrators are also familiar with the “joe job” problems and as such they do not blacklist your domain. They would only blacklist the originating IP from Russia.<\/p>\n
It is possible to help against \u201cJoe Jobs\u201d by having an DNS SPF record. To setup a DNS SPF record, please see this Knowledge base article<\/a>.<\/p>\n
You can learn more about DNS SPF records here:
\n http:\/\/en.wikipedia.org\/wiki\/Sender_Policy_Framework<\/a>
\n http:\/\/www.openspf.org<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"Am I sending SPAM from my domain name and my email?<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[128,126,125,127],"class_list":["post-81","post","type-post","status-publish","format-standard","hentry","category-e-mail","tag-dns-spf","tag-joe-job","tag-openspf","tag-spf"],"_links":{"self":[{"href":"https:\/\/www.zenutech.com\/kb\/wp-json\/wp\/v2\/posts\/81","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.zenutech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.zenutech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.zenutech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.zenutech.com\/kb\/wp-json\/wp\/v2\/comments?post=81"}],"version-history":[{"count":3,"href":"https:\/\/www.zenutech.com\/kb\/wp-json\/wp\/v2\/posts\/81\/revisions"}],"predecessor-version":[{"id":424,"href":"https:\/\/www.zenutech.com\/kb\/wp-json\/wp\/v2\/posts\/81\/revisions\/424"}],"wp:attachment":[{"href":"https:\/\/www.zenutech.com\/kb\/wp-json\/wp\/v2\/media?parent=81"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.zenutech.com\/kb\/wp-json\/wp\/v2\/categories?post=81"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.zenutech.com\/kb\/wp-json\/wp\/v2\/tags?post=81"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}