spoofed e-mail from my client's domain ... any defense?

One of my Web clients recently got an angry feedback e-mail from someone who received some sort of spam (slamming GWB, apparently) that originated from the e-mail address “slyofh@myclientsdomain.com”.

He’s e-mailed this woman back, and she’s going to forward the full spam message to him, so we can look at the headers.

The question is, is there any defense against this sort of thing? I’m not too familiar with e-mail spoofing.

No.

The spoofed address (usually a virus) comes from an infected computer with an e-mail address in your domain somewhere on its hard drive. It can be anywhere: in an address book, in a cached web page, in the body of a file or e-mail message, etc. The very best you can do is figure out what IP address the infected computer was using, but that’s not going to do much to narrow it down, and the ISP probably won’t give you any information if you ask.

In the case of a spammer, they’re probably just picking your domain at random. Again, it will be impossible to track down (unless you can get a subpoena, but I doubt you could).

There is no defense in that there is nothing you can do to prevent this from happening. Anyone anywhere can send mail with anything in the headers.

There is recourse if you can track down the source. There was a case in Texas several years ago where a small company won a judgement against a spammer who spoofed the return address by demonstrating that the angry replies and bounce messages caused damage to her business, both her reputation and her ability to conduct business because the traffic brought down her servers. I think she ended up spending more on the investigation and proceedings than she won in the judgement, but it was a huge moral victory. Of course, in order to do this you have to find the source, not just the sender. If the email is political glurge rather than commercial spam, that may be very hard to do.
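The header check the thread refers to (finding which IP address the sending computer used), as an added example that is not part of any post above. The sample message, the function name `trace_handoff` and the `own_hosts` / `own_ips` parameters are constructed for illustration; it assumes the recipient knows the names and addresses of their own mail servers.

```python
import email
import re

# Constructed sample (not the message from the thread); addresses use
# documentation ranges. Relays prepend Received lines, so newest is first.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with ESMTP id A1; Mon, 1 Mar 2004 10:00:05 -0500
Received: from myclientsdomain.com (dsl-pool.isp.example [203.0.113.77])
\tby mx.recipient.example with SMTP id B2; Mon, 1 Mar 2004 10:00:03 -0500
Received: from mail.myclientsdomain.com ([198.51.100.5])
\tby myclientsdomain.com with SMTP id C3; Mon, 1 Mar 2004 09:59:00 -0500
From: slyofh@myclientsdomain.com
To: someone@recipient.example
Subject: constructed sample

body
"""

# from <claimed name> ... [<connecting IP>] ... by <server that wrote the line>
HOP_RE = re.compile(
    r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+(\S+)", re.I)

def trace_handoff(raw, own_hosts, own_ips):
    """Return the hop where mail entered the recipient's own servers.

    own_hosts / own_ips (assumed known) identify the recipient's relays.
    Only Received lines written by those relays are trustworthy; anything
    below the handoff was supplied by the sender and can be forged.
    """
    hops = email.message_from_string(raw).get_all("Received", [])
    for index, hop in enumerate(hops):
        match = HOP_RE.search(" ".join(hop.split()))  # unfold continuation lines
        if not match:
            return None                  # unparseable: stop, do not guess
        claimed, ip, by_host = match.groups()
        if by_host.lower() not in own_hosts:
            return None                  # chain broken before any handoff
        if ip not in own_ips:            # first connection from outside
            return {"connecting_ip": ip, "claimed_name": claimed,
                    "logged_by": by_host,
                    "unverified_below": len(hops) - index - 1}
    return None

if __name__ == "__main__":
    print(trace_handoff(RAW, {"mailstore.recipient.example",
                              "mx.recipient.example"}, {"192.0.2.10"}))
```

In the sample, the name the sender announced is the spoofed domain, while the address logged by the recipient's server belongs to an unrelated ISP pool; the third `Received` line sits below the handoff and proves nothing.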