Spoofing: Tips to Avoid Having Your E-mail Stolen and Used for Spam

Spoofing is a term referring to a spammer who steals e-mail addresses and uses that to spam millions of people across the globe. What makes matters worse is that there isn't much you can do once the e-mail is stolen, except perhaps attempt to find the spammer and shut them down. This happened to me.

How do you know if you've been spoofed? That's easy; you'll get hundreds, if not thousands, of emails from servers all over the world complaining about your sending them spam or bulk email. Trust me, this is annoying, and can provoke a sense of panic if you're not familiar with the practice. Do not fear; most servers understand the annoying practice of spammer's and that a return email address can easily be faked. In other words; you won't get in trouble for this.

If you handle your own email for your domain, then you can reduce the chance of spoofing by doing away with the 'catch all' email of *@yourdomain. com. This is the setting that puts any e-mail not otherwise specified to forward to another address. For instance, I used to have a catch-all setting where you could write heyyou@learnthepc. net or whatever@learnthepc. net or even anything@learnthepc. net, and I would receive your email. I deleted the catch all settings and now only the email@learnthepc. net will work. Anything else will 'return to sender' back to the spammer or wherever the email originated. This little trick drastically reduced the hundreds of warnings down to nothing in a matter of minutes.

As for finding the spammer; you have to go through the email headers. Ignore the 'from' line. This is easily faked by putting in whatever email you want. Within the headers, you need to find the "return-path" or "reply-to" fields. Click here to get more details on headers. Once you get the original email, do not reply to this. Instead, find the domain which is the @thedomain.com and send to that, complaining they are spamming. Hopefully, they will be deleted off their server.

Another tip you need to understand is how to protect your e-mail on your web site. This is one method the spammers find e-mail, but another is also message boards or even chat rooms. NEVER post emails on a public forum!

Generally, adding your email on your web page or blog, as typed out, is a bad idea. Even a URL (web) address link will have the mailto: code which spamming bots look for. Instead, consider adding an email form on your site, or add spaces within the address with the explanation to your web visitors you are protecting your online I.D.

Hopefully, you'll never have to face this, but at least now you'll have the minimum you need to know to handle the basics.