Is you email address being used by spam makers? - Can they do this I hear you ask? How?
Well the uncomfortable truth is that it is very easy. You can send an email and put anything you like within the ‘from’ address. One of our system messages actually has NO FROM address.
When the great and the techie setup email on the internet, they allowed you to set pointers so that any email server would know where you want email to be sent. This worked very well, and still does. However, a spam message that uses your email address, or a made up email address with your domain name, can come from anywhere. Until a few years ago there was little chance of anybody telling it was not valid.
The complexity of the Internet makes it hard for fundamental changes in the structure, but they do happen over time. An organization was setup SPF.org, and the idea adopted (and slightly altered) by Microsoft. We can call this steps towards ‘sender authentication’ in other words setting up a process that an email server receiving a message can make some checks to see if it is from whom it is claimed. The SPF principle is to allow domain owners to specify which email server or services, are ‘authorised’ to send email for it. Any other servers can therefore be view with suspicion.
Most quality email server programs, including those of Microsoft, can do an SPF check as part of their spam protection.
If you think it is not a problem, and you have never seen one of these emails, please consider this. It maybe that your Spam service is protecting you from such emails. But the whole idea of using your domain for spam is that the emails are not going to you. They are flooding other systems and using your domain name as the cover. Now, if one of those spam systems belongs to one of the spam list services, you may find that they Blacklist your email account. This would have the effect that other email servers using the same blacklist list, will start to refuse your email. I did a test this week and took a little used domain I own and ‘left it open to abuse’. So that I could see what was really occurring, I also removed it from spam protection so that I would see all the incoming email. I immediately found the standard 400-500 emails daily offering Viagra and other such ‘stuff’. What surprised me that was within four days I started to receive ‘Message Undeliverable’ messages from other servers where spammers were using my domain to send emails into other systems. I saw 200 plus AN HOUR, coming into the inbox. What is even scarier is that many such spam messages are just deleted, so this 200/hour was only a fraction of what was being done ‘in my name’.
Ok, so if you are now considering the idea of implementing SPF, you will need to know how complicated it is. Well for a complete novice it is slightly daunting, but for your email service provider, it would be very easy. I would respectfully suggest you consider changing supplier if they had not already set this up for you. There are some who will claim, it is not in widespread use, so we see no point. It is that casual attitude that makes life so easy for spammers and looses my faith in my fellow IT professionals. If you think that a more proactive company should be responsible for looking after your precious email, then please contact us through our email service. www.proserviceemail.co.uk
If you would like to see a little more of what SPF is, then you can check the web site that started this http://old.openspf.org/index.html
You should also consider domain keys. This is a slightly different solution to the same problem and supporting by companies including Yahoo. I would be interested in the reaction of your supplier when you ask about this because it evolves the installation of additional software, and so is a little more ‘hassle’ to setup. More about that in a day or so.