Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Setting up HostPapa Advanced Email Question Question
How to verify my account if I don't have Github and Twitter account. Question Question

Question

email extension hijacked -- what can I do?

Posted May 1, 2020 391 views
Email

Someone is using my e-mail extension without my approval (*.@ctrchg.com). What can I do to stop them?

Add a comment
GaryConsultant
By:
GaryConsultant

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Setting up HostPapa Advanced Email Question Question
How to verify my account if I don't have Github and Twitter account. Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
3 answers
bobbyiliev May 1, 2020

Hello,

In order to prevent email spoofing, I would recommend the following things:

  • Add an SPF DNS record - SPF stands for Sender Policy Framework, it indicates to mail exchanges which hosts are authorized to send mail for a domain:

https://www.digitalocean.com/community/tutorials/how-to-create-a-spf-record-for-your-domain-with-google-apps

  • Add DKIM record - it is a process to validate sending domain names associated to email messages through cryptographic authentication.

  • Add a DMARC DNS record

Hope that this helps!
Regards,
Bobby

How To Create a SPF Record For Your Domain with Google Apps
by Keshav Pareek
Here we'll show you how to create a SPF record for your domain with Google Apps.
Reply Report
GaryConsultant May 1, 2020

Thank you! I will forward the solution to my webmaster for implementation. Much appreciated!

-Gary

Reply Report
  • bobbyiliev May 13, 2020

    Hi there @GaryConsultant,

    No problem at all, hope that this helps!

    And indeed as @twinedev mentioned it would not stop people from trying to spoof your email, but it should help the situation as the receiving email server would ‘know’ if the IP address which the email is coming from is authorized to send emails on your behalf or not and possibly discard the spoofed emails so that the recipients do not get them.

    Regards,
    Bobby

    Reply Report
twinedev May 1, 2020

For clarification, the records do NOT prevent spoofing from happening, they help the receiver know what to do with them, reject, mark as spam, or nothing at all, depending if they are configured to do. The spammer can still fire off e-mails with incorrect “FROM” email addresses night and day.

Reply Report

Related

Looking for something else?

Ask a new question Search for more help