This post explains why bloggers and other website owners may see large numbers of bounce messages for spam they didn't send in their domain-based email - i.e. email that uses their domain name as opposed to their Internet Service Provider (ISP). If you're just looking for the fix without the background, check the extended entry.
The problem:
Lots of people who have their own domains and hosting get justifiably freaked out when they start receiving huge numbers of emails that seem to be bounce notifications for spam that looks like it was sent from addresses at their domain. Mostly these are autogenerated replies from other mail servers telling you the spam messages bounced. What unsettles people the most is that they never sent the original, so they are afraid someone has hijacked their email or hosting account.
In fact, these messages are simply the result of spammers making up addresses using your domain name to employ as fake return addresses when sending their crap. When the crap bounces, it bounces back to you because your domain has been spoofed as the sender.
This is NOT an indication of a problem with your email security. There's nothing you can do to stop spammers from inventing and using return email addresses that have been faked using your domain name (unless you've got some exotic technique for mind-controlling the spammers, in which case, fess up!) If you look at the bounce messages, you'll see that the return addresses are just arbitrary words put in front of @yourdomain.com, making it clear that these aren't your real addresses. So if they're made-up addresses, why do they bounce back to your real address?
Well, actually, they don't. By default, most hosting accounts are set up so that any email that comes in with an @yourdomain.com address will be forwarded to the default mail account. So if a message arrives for you@yourdomain.com, it will get routed directly to your inbox. If a message comes in for fakeaddress@yourdomain.com, it will get forwarded to the you@yourdomain.com address as well.
There's a good reason for this behaviour. If someone were to accidentally send to yuo@yourdomain.com (a typo), then instead of bouncing, the message would get forwarded to your default address and could be sorted out from there. So what can you do about the mess of bounces that are cluttering your inbox?
The solution:
If you're willing to give up the security of knowing that an accidentally incorrectly addressed message can still get to you, you can simply instruct your email handler to throw away any message that's not sent to a real, existing address. This means all those spam bounces will simply be discarded and you'll never see them. How do you tell your email system to dump this trash?
The first step is to decide exactly what action should be taken with each crap message. Your choices are to either bounce the message yourself, or to blackhole it. Blackholing is the most extreme, and means the offending message will simply disappear without notification to you or to whomever sent the message.
This is the most tempting solution because it means the crap message dies with you - it doesn't go on to bounce back to another server that didn't request it either. This is great if the only messages being dealt with this way are guaranteed to be pure crap. BUT! This is very bad news for those messages that might be legit, but with an accidental error in the email address. Remember, no notification of failure will be sent, so if I sent the offer to hire you as my gourmet restaurant's food taster, but it went to yuo@yourdomain.com by accident, you're never going to see it, and I'm just going to assume you ignored me.
Oops.
So the only time to use the blackhole is if you don't actually use your domain's email at all. In which case you know anything that comes in is crap and can safely be ignored. For everybody else, you want to set your system to bounce any message not sent to a legit address.
Hit the extended entry for step-by-step instructions on how to do this.
The fix:
These instructions are specifically for hosting accounts that utilise cPanel for their administration interface (note, these instructions are specific to the setup at Mu.nu - generic instructions are noted at the end).
Log into the admin area (yourdomain.com/cpanel/) and double-click the icon for Mail. Then click the link for Default Address, followed by the link for Set Default Address. Once that page is open, you'll see the screen below:
To force unrouted mail to bounce, add :fail: no such address here to the second box, then click the change button. To cause all unrouted mail to simply disappear, enter :blackhole: instead. (Note the colons at the beginning and end of each keyword.)
Non-Mu.nu versions of cPanel may look different depending on the skin and version in use, but you're looking for the Default Address screen. It may be available right from your main admin page. If your host doesn't use cPanel, look for the setting for your Default or Catch-All Address.
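The three Default Address behaviours described above (catch-all, :fail: and :blackhole:) can be modelled against a handful of bounce messages to see which ones were sent to made-up addresses. This is an added example, not part of the original post or of cPanel; the mailbox list, the sample bounces and the function names are constructed for illustration, and the To header stands in for the envelope recipient.

```python
from email import message_from_string
from email.utils import parseaddr

DOMAIN = "yourdomain.com"      # placeholder domain used in the article
REAL_MAILBOXES = {"you"}       # assumption: the only real mailbox on the domain

# Constructed sample bounces (not real traffic).
SAMPLE_BOUNCES = [
    "From: MAILER-DAEMON@mail.example.net\n"
    "To: qzxkw@yourdomain.com\n"
    "Subject: Undelivered Mail Returned to Sender\n\n"
    "The message could not be delivered.\n",
    "From: MAILER-DAEMON@mx.example.org\n"
    "To: you@yourdomain.com\n"
    "Subject: Delivery Status Notification (Failure)\n\n"
    "The message could not be delivered.\n",
]

def route(recipient, default_address):
    """Return what happens to mail for `recipient` under a Default Address setting.

    default_address is a mailbox name (catch-all), ":fail: <text>" or ":blackhole:".
    """
    local, _, domain = recipient.lower().rpartition("@")
    if domain != DOMAIN:
        return "not-local"
    if local in REAL_MAILBOXES:
        return "deliver"                 # real address: always delivered
    if default_address.startswith(":fail:"):
        return "bounce"                  # sender is told the address does not exist
    if default_address.startswith(":blackhole:"):
        return "discard"                 # dropped with no notification to anyone
    return "deliver-to-default"          # catch-all: lands in the default inbox

def triage(raw_messages, default_address):
    """Pair each message's To address with the action the setting would take."""
    results = []
    for raw in raw_messages:
        rcpt = parseaddr(message_from_string(raw)["To"])[1]
        results.append((rcpt, route(rcpt, default_address)))
    return results

if __name__ == "__main__":
    for setting in ("you", ":fail: no such address here", ":blackhole:"):
        print(setting, "->", triage(SAMPLE_BOUNCES, setting))
```

Bounces whose To address is not a real mailbox are the spoofed-sender bounces the post describes; the one addressed to you@yourdomain.com is still delivered under every setting.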
I need help. My company is being blocked by the likes of IronMail and so forth because we've been spoofed. Only thing is we are NOT receiving bounced messages. Our IP is listed in the header and we are therefore being blocked altogether even though we have NO RECORD WHATSOEVER of having sent the emails. I NEED HELP HERE!! because whoever is doing this is not stopping.
Posted by: Stacy | Monday, August 04, 2008 at 01:18 PM
In cPanel, ADD an email account
name it the same as your default email account.
Example: default account is named username
New account will be named username@yourdomain.com
Set the default account to :FAIL:, don't use blackhole.
When checking your new email account, you need to use the entire email address as the username.
Only email addressed to username@yourdomain.com will be delivered.
If you don't create and use the new email with its new login ALL your email will fail to appear in your email reader i.e. Outlook
Posted by: Hints | Thursday, April 03, 2008 at 12:46 PM
Thanks for this informative article and how to combat the spammers. I had received a few bounced spam emails in the past, but today I received about 50 in the span of five minutes and was getting a bit afraid my domain was hijacked or would be blacklisted. Thankfully that doesn't seem to be the case.
Posted by: pitumbo | Sunday, March 30, 2008 at 05:26 PM
Hi Paul,
Thanks for writing this, it has eased my inbox fear dramatically! And there was me blaming Facebook :-)
Posted by: Tilesey | Wednesday, June 06, 2007 at 04:20 AM
Oh.. now I got some idea on why some mails come to my inbox although I am not the intended recipient. When I looked at the 'To' address it was some typo or misspelled mail ID. I was wondering before how it was happening... (But Yahoo mail could identify this by default and sends it to Bulk folder directly) Thanks for giving some info on this.
Posted by: Shivaji | Thursday, May 24, 2007 at 06:18 AM