My email address “postmaster@mydomain.com” is being used as return address in SPAM. I received more than 100 bounced emails this morning alone. Is there anything I can do? My concern is that my domain will be tarnished.
There’s not much you can do, it’s called a Joe Job. Just about everybody who owns a domain, from the lowliest blogger (like myself) to the biggest businesses, is vulnerable because there is no way to control that the return address on an e-mail is real and/or really belongs to the sender.
Here’s a pretty good thread on AskMetafilter about the issue.
One thing you could do is put a notice on your website that says something to the effect of “No one associated with Category5IsANicePerson.com ever sends out unsolicited commercial e-mail or spam. E-mails sent from this domain will include X and Y and only to those personally known to Category5/those who sign up for our newsletters/our established customers.”
Most people are pretty savvy about what spam is when they get it. Unless the spam is advertising something connected to you and your website, it’s unlikely that it will have much of a deleterious effect upon you. Just the same, sorry that you’re facing this problem. Spammers are the bacteria who live in the slime trails from the lowliest slugs of the internet.
had never heard the term “joe job” until now.
It’s also called backscatter or backscattering. I have been affected by this two or three times in the ten years since I owned a domain. Yes, it’s supremely annoying and sadly there is just about nothing you can do about it. I sympathise.
Tumbledown made one good suggestion.
Another is to contact your web hosts immediately (assuming there is a hosting company involved) and just let them know that this has happened. It’s not because you expect them to take any action. (There’s nothing they can do.) It’s so that if anyone should report you for spamming, which can happen, they are already aware that you are not actually to blame. To put this another way, you want to tell your hosting company about it before they tell you about it, because they may well have a policy of disciplining / barring anyone caught spamming.
Another possibly good move is to contact all your most important contacts, friends and clients and tell them that this has happened. Ask them to make sure that their own anti-spam protection has not automatically decided that everything from your domain is now spam / blacklisted. And ask them to send a short email back to you acknowledging receipt within 7 days (making reasonable allowance for the fact that some people only check their emails infrequently).
Do not do this by sending out a large, bulk email! Send individual emails, or very small groups.
Those you hear back from - you know there isn’t a problem. Those you don’t, there *may *be a problem so you know to contact them some other way, such as phoning and explaining.
It’s tedious to have to do this, but unfortunately some anti-spam software may have detected the spamming falsely attributed to you and blacklisted your domain.
I can offer one note of hope. It is highly likely that your domain was harvested purely by chance (spammers send out bots and spiders to find random domain names) and will not be used again, or not used again for some time. So don’t imagine anyone is intentionally targetting you. You’re just today’s victim. Tomorrow it will be someone else.
One thing that you can do is have your web hoster hosting your domain implement a SPF entry for your domain. If you use mail forwarding for addresses of the domain, or send mail using an address under that domain as sender’s address, they and you need to know what you are doing or it might bite you where you don’t want to be bitten.