4 {{ upvoteCount | shortNum }}
4 {{ upvoteCount | shortNum }}

Email Security: Can someone use my domain-based email ID without my authorization?

by JoelDean
3 replies
Hi folks,

I'm not a php programmer at all, so I don't even know where 'square one' is when it comes to that stuff.

I also hope that I'm posting this under the right category.

However, I just received an email out of the blue - of course, from a smart marketer (php developer working with email security), who's obviously trying to get me a bit freaked out, so that he can pitch me his services.

Here is what he says:

I am writing to ask whether you are aware that your domain configuration has serious security issues which lets anyone use your email address without your authorization?

This means anyone can use your email address and send emails to anyone of their choice, let it be your business colleagues, friends or anybody for that matter. I do not have to explain the consequences here since it is obvious; It will breach your privacy and could cost you in professional dealings. Just to prove this to you, I can send an email to you from "your email address itself".

Do you want me to send an email to you from your mailbox itself, so you can see the problem?


He's probably right, but I'm not interested in responding to him because he's just trying to pitch me his services.

However, what do you guys recommend I do under the circumstances - seeing that he's probably right?

I'd appreciate any good advice - something that I can do on my own - easy enough.

Thanks in advance.
#authorization #domainbased #email #security
  • Profile picture of the author David Beroff
    Email was (unfortunately) not originally designed to authenticate senders. While there are now systems in place (e.g., SPF) which allow one to prove whether one is authorized to use a given domain, none of them are universal. So that means that you or I or anyone else can send an email from any domain we choose.

    So what?
    Signature
    Put MY voice on YOUR video: AwesomeAmericanAudio.com
    {{ DiscussionBoard.errors[8784968].message }}
  • Profile picture of the author softwarewarden
    Originally Posted by JoelDean View Post

    Hi folks,

    I'm not a php programmer at all, so I don't even know where 'square one' is when it comes to that stuff.

    I also hope that I'm posting this under the right category.

    However, I just received an email out of the blue - of course, from a smart marketer (php developer working with email security), who's obviously trying to get me a bit freaked out, so that he can pitch me his services.

    Here is what he says:

    I am writing to ask whether you are aware that your domain configuration has serious security issues which lets anyone use your email address without your authorization?

    This means anyone can use your email address and send emails to anyone of their choice, let it be your business colleagues, friends or anybody for that matter. I do not have to explain the consequences here since it is obvious; It will breach your privacy and could cost you in professional dealings. Just to prove this to you, I can send an email to you from "your email address itself".

    Do you want me to send an email to you from your mailbox itself, so you can see the problem?


    He's probably right, but I'm not interested in responding to him because he's just trying to pitch me his services.

    However, what do you guys recommend I do under the circumstances - seeing that he's probably right?

    I'd appreciate any good advice - something that I can do on my own - easy enough.

    Thanks in advance.
    Setup SPF, DomainKeys etc. It wont fix the problem people will still beable to send email that looks like it comes from you(your email addresses) if they want to.
    {{ DiscussionBoard.errors[8785376].message }}
    • Profile picture of the author Karen Blundell
      in your cPanel under "Email Authentication" you can set up your SPF record and DKIM it's called - that is important because if someone does use your email address to send spam, they will know from the SPF record that it isn't you that sent it.

      I would add an extra entry in your SPF record identifying every IP address set on your devices - as authorized to send mail from your domain- Your laptop/pc has been given an IP address by your host and you can find it here:
      Free Product Demo, Tools and Sample Databases | IP2Location.com

      In the emails that go out - there is an IP address of the sender - even if it's a proxy IP address - there are still things you can do -

      The above won't stop spoofers from using your email address completely - but it protects your domain from being blocked by the spam blocking sites.

      If you find that you are being spoofed - open the full headers of your email and look for the first IP address of the sender.

      Use these tools to try and find out the IP address info:
      Free Product Demo, Tools and Sample Databases | IP2Location.com

      and also
      Whois.com - Free Whois Lookup

      once you identify the host or ISP used to send the emails - find a abuse email or just an admin email address to send the following email out:

      Subject: Cease and Desist!
      A client of yours with the IP address of xxx.xxx.xxx.xx is spoofing my email address(put your email address here) to send out the below spam emails. Please handle accordingly or I will have no other alternative but to take the appropriate legal action.

      Thank you,
      (your name and email address)
      The above email works wonders - trust me
      take care
      Signature
      ---------------
      {{ DiscussionBoard.errors[8786661].message }}

Trending Topics