Back to Top

Help & Support

Get instant answers 24/7

Top > Miscellaneous Topics

How can I stop spammers from sending email from my domain (aka "spoofing")? Have I been hacked?

It is a common misunderstanding that a malicious message sent "from" your domain without your permission indicates that your email systems have been hacked. Unfortunately, anyone can put anything on the "From" line of an email and hit "Send". This is known as "spoofing".

While there isn't a way to prevent spammers from sending spoofed emails, the following two steps will prevent your users from receiving spoofed messages claiming to be from your domain:

  1. Ensure that your domain has an SPF record.

An SPF record is a DNS record that defines what servers are authorized to send for your domain. By creating an SPF record, it will help other domains that receive spoofed messages recognize when they receive spoofed email "from" your domain. SPF by itself is not perfect solution because it only authenticates the "return path". A spammer could still use a different email address as their return path but put your domain in their "From:" address and still pass SPF checks. But SPF records are still helpful. You can check if your domain has an SPF record here:

https://mxtoolbox.com/spf.aspx

If you don't have an SPF record, you can create one by adding a TXT record to your domain's DNS. The following tool can help you to create the record:

https://www.spfwizard.net/

Be sure to enter spf.spamhero.com here:




Assuming you're using your domain's DNS control panel at your hosting provider to create a TXT record, you would copy just the portion of the text that is inside the quotes here:




If you're not sure how to add a DNS record, send the text inside the quotes to your hosting provider or mail server administrator and they should be able to help you add it.

  1. Once you have your own SPF record in place, you can block all email from your own domain that fails SPF or fails to align (meaning, the email is "from" your domain, but the "return path" address's domain isn't your domain). To do this, go to the Settings > Approved senders page and add your own domain name. Before saving, click the Advanced drop down, and ensure to use the option Allow messages that meet one of these conditions (recommended).... This will ensure the sender is verified as authentic (with help of SPF, DKIM, and DMARC). Then, enable the option to "quarantine" messages that fail verification.

    This setting will block spammers that try to use a different return path but put your domain in the "From:" address. When selecting the above Approved Sender options for your domain, you must make sure your SPF record includes all the IPs that your users send from and that their email is configured to set the return path sender properly so that it matches their From address.

    You will also want to consider if your website sends emails on behalf of your domain (e.g. via a web form) and make sure the IP of your web server is included in your SPF record and that the script that sends the emails uses the proper return path sender (aka "envelope sender"). After setting the options above, you will want to watch your quarantine to make sure important messages are not being held in the Quarantine+ viewer.

    If the return path is a domain that doesn't match your From domain, you can add that domain to the Approved sources section.

Last updated June 22, 2022