Customer Support

• FAQ & Knowledge Base
• Password Help
• Email Help
• Contact Support
• System Status >>
• Feedback

  Support Categories:

Getting Started FTP Moving Domains E-mail Stat Reports Mailing Lists Apache PHP CGI MySQL Database Other Software Billing & Terms Control Panel E-commerce Pre-Sales

Search for keywords:

Browse by category: -- Select Topic -- Getting Started FTP Telnet/SSH Moving Domains E-mail Traffic Reports Mailing Lists Apache PHP CGI Other Server-Side Scripting MySQL Database Imaging Libraries Other Software Billing & Terms Control Panel E-commerce Pre-Sales

Someone is sending viruses or spam that appears to come
"from" an address at my domain.

This type of abuse happens frequently to many domain name owners, since spammers rarely use their own domain names in SPAM and viruses select addresses randomly from other people's address books.

Sometimes spammers just make up return addresses to put in their spam and it is a coincidence that this time they chose one that happens to belong to you. Sending an email that appears to have come FROM someone who did not send it is known as "forging email".

Anyone with Outlook or any other email program can forge whatever address they want in the FROM field of an email, regardless of whether they own the domain name in the address, regardless of whether they have permission to use it, and regardless of whether the domain name even exists or is valid. There is nothing that the rightful owner of a domain name can do to stop people from sending out email with an address in the FROM field using someone else's domain name.

There also is nothing that a webhost can do to stop or prevent spammers or virus mails from wrongfully claiming that your email address came FROM or was the sender of a piece of spam or email virus.

The most you can probably do about this is to go to Spamcop and report SPAM and just delete virus mails and the bounce messages that may be coming to you as the purported sender.

The most annoying part of having someone forge your email address in the FROM field of their outgoing SPAM is that nondelivery and other bounce notifications will be returned to you because the undeliverable messages appear to come FROM your address.

There are a couple of ways to avoid receiving those. If the username part (left of the @ symbol) of the forged FROM address is not a mailbox that you set up in your Control Panel, then you are receiving the unwanted messages through your catch-all forwarding rule (The catch-all rule allows you to receive mail addressed to any address @yourdomain). To stop receiving these messages, you could delete your catch-all rule so that you will no longer receive mail addressed to non-existent addresses at @yourdomain. Or, if you want to keep your catch-all rule, but just want to disable incoming email for one particular address, you can create a new forwarding rule in your Control Panel for the unwanted address and set it to forward to mwtrash-nobounce@modwest.com.

If the forged email address is one that is important to you, that you need to receive email at, there is nothing that can be done short of using your Spam Filter in your Control Panel to blacklist the FROM addresses in the undeliverable notices, such as: postmaster@* and then setting the Spam Filter to either delete spam automatically or automatically move it into another folder. However, this is not recommended because messages FROM those type of addresses are often important and most of the time you will want to receive them.

User-Contributed Notes

01-Feb-2004 20:37 There is nothing even Kevin Mitnick can do about this. Neither the FROM nor TO addresses in emails have anything to do with who an email is from or who it's to. Anyone, or any virus, can put whatever they want in those fields before sending out any email. That's just how email is. In the case of viruses, there are millions of people who have the latest virus that is causing this. It does no good to track down any of those people and ask them to fix their computers. They either don't know how to fix their computers or their computers are running unattended. In the case of people who do this intentionally, there is no point in trying to find them either because they usually launch their mails from Korea or other places that won't cooperate with any investigations. Besides, if you get them shut down at one ISP, they start up again in 15 minutes blasting out the same thing from a new ISP. You can waste a lot more of your time trying to figure it out than it takes the perpetrator to maintain the attack. That is why it is a waste of time to look at the headers or to try to figure anything out about the mails. They are just a nuisance and should be deleted.

anonymous -at- example.com 13-Jul-2006 10:01 I respectfully disagree. In the case of viruses, I have had good luck tracking down the owners of the IP addresses in the headers, and letting their admin of record know they have an infected user. We now get very, very few viral email, and I can immediately notice even numerically small spikes. I would say that we get viral email from less than half a dozen infected systems, and fewer viral email in an average week than we have users. In addition to being able to immediately tell when we started getting fresh spew, I reason that once someone knows they have gotten infected, they can be more careful in the future. Can I prove that? No. But it stands to reason that if they don't find out, they likely won't be more careful later. We had one sender who was infected with no less than three different viruses, until their ISP finally contacted them. I want to avoid seeing that. I also figure that we are not the only recipients in their address book. By taking just the few minutes to do this, I'm doing others a favor as well. I just wish virus fighting was as mainstream as fighting spam. But there's nothing like spamcop for trying to eliminate infected users. But there could be, and should be. Aren't you glad your fire department doesn't take the laissez faire approach to fires? ;-)

Related Questions:

Sending email takes a long time and then fails.

I get "relaying denied" when trying to send email from my computer.

My ISP does not give me an SMTP/Outgoing mailserver to send mail from my own computer, so I must use yours.

How do I send email?

Do you have screenshots of Outlook Express configurations?

How do I receive and read e-mail?

Occasionally, Outlook Express just asks for my username and password but will not let me get my mail.

Why can't I send or receive email with large attachments?

Do you have screenshots of Entourage 2004 configurations?

I can't get my email because I am continually asked to retype my mailbox password, or am getting a [LOGIN-DELAY] error.

Do you support Secure POP and IMAP?

Can I have a special MX record so a different mailserver like everyone.net or my own Exchange server will handle all mail for my domain?

Why am I getting spam?

Is there a way I can bounce all email addressed to unknown users?

How do I delete hundreds or thousands of emails easily?

How many email addresses can I have and how do aliases work?

Can I pipe email to a program?

How do I protect email that contains sensitive information?

Can I have an automatic reply sent to people who email me while I'm on vacation?

I cannot get into webmail.

Which e-mail protocol should I use, POP or IMAP?

How does the mail server filter spam and viruses?

How Do I Backup My Email?

Why won't my email attachment go through?

I receive too much SPAM: what can I do?

My website forms are spamming me with 'gibberish@mydomain.com' or Form Email Injection Attack

Do you scan email for viruses?

Can I do mass emailings through my ISP that advertises my website?

When I "Add Mailbox" in Onsite, it says "That login name is already taken. Please choose another."

Why are HTML emails a security hazard?

How do I view full email headers?

I get this error when logging into Webmail: Security failure, data decryption error

How do I import addresses into webmail?

How do I forward e-mail in OnSite?

Do you support anti-forgery standards (SPF / DomainKeys) for email?

I'm having trouble with email.

Do you purge messages from Trash and Spam folders?

Why can't I forward @mydomain.com email to my ISP mailbox?

Why is/isn't an email being marked as spam?

Why can't I delete messages from my mailbox if it is over quota?

Can I have an email address which both stores and forwards mail?

How can I access my Modwest mail from another provider's webmail?

What does the "Flag Subject" radio button do in OnSite spam settings?

Why is webmail seem slow?

When I send from Modwest webmail, my email has the wrong 'sender' or 'reply-to' address

Toggling 'Default Email Composition Format' to 'HTML' inside Modwest webmail only works temporarily

My Interspire Shopping Cart isn't Emailing Order Confirmations

Why can't I sort my messages in Webmail?

I use Modwest webmail. Is there a way to attach an image to my signature block?

Browse Categories: Getting Started, FTP, Telnet/SSH, Moving Domains, E-mail, Traffic Reports, Mailing Lists, Apache, PHP, CGI, Other Server-Side Scripting, MySQL Database, Imaging Libraries, Other Software, Billing & Terms, Control Panel, E-commerce, Pre-Sales