It is a common misunderstanding that a malicious message sent "from" your domain without your permission indicates that your email systems have been hacked. However, this is not the case. Unfortunately, anyone can put anything on the "From" line of an email and hit "Send". This is known as "spoofing".
While there isn't a way to prevent spammers from sending spoofed emails, the following two steps will prevent your users from receiving spoofed messages claiming to be from your domain:
- Ensure that your domain has an SPF record. By having an SPF record along with following the steps below, you can block all email from your own domain that does not come from an authorized IP address or does not come from a Return-path that you authorize. details
You can check if your domain has an SPF record here:
If you don't have an SPF record, you can create one by adding a TXT record to your domain's DNS. The following tool can help you to create the record:
Be sure to enter spf.spamhero.com here:
Assuming you're using your domain's DNS control panel at your hosting provider to create a TXT record, you would copy just the portion of the text that is inside the quotes here:
If you're not sure how to add a DNS record, send the text inside the quotes to your hosting provider or mail server administrator and they should be able to help you add it.
- After confirming that your domain has an SPF record, go to the Settings > Approved senders page in the SpamHero control panel, click the Add button and enter just your domain name here:
- Select Allow messages that meet one of these conditions (recommended).
- If your domain has SPF configured and your Return-path uses your own domain name, you can leave the Approved sources field blank:
If you use third party services that use a different Return-path, be sure to enter them in the box above.
- Finally, check the Impersonation protection for domain spoofing box, and click Save:
- After setting the options above, you will want to watch your quarantine to make sure important messages are not being held in the quarantine. If any legitimate emails are blocked, click on the Approve sender link below the message in the Quarantine+ viewer and it will automatically detect the source of that message and authorize that source for future messages:
You will also want to consider if your website sends emails on behalf of your domain (e.g. via a web form) and make sure the IP of your web server is included in your SPF record and that the script that sends the emails uses the proper return path (aka "envelope sender").