Spam emails that contain MY domain email name.

Avatar
  • updated
  • Answered

I get plenty of  spam emails on my blog posts as comments or signing up for my newsletter. But lately I have had spam emails that have MY domain on them. [email protected] How are they getting this? Is this hacking into my account?

Pinned replies
Avatar
Ronnie H.
  • Answer
  • Answered

Hello! While this is a common problem, the good news is that you' probably haven't been hacked. Chances are, your domain is being spoofed -- a practice where the sender alters the email header to make it appear as though the email has come from another domain, but only to your email client/webmail. As long as the actual IP address originates from outside of your mail server, you're fine: check your cPanel or Exim mail logs if you want to confirm. 

If you want to make sure that these spammers don't cause problems for you, make sure you have properly configured your SPF, DKIM, and DMARC records. Setting your DMARC to 'reject' or 'quarantine' should keep those spam emails using your domain from reaching anyone else's inbox. You may still receive them sometimes, because DMARC is designed to prevent others from receiving these fake emails, but you'll prevent them from reaching others. Hope that helps!

Avatar
Ronnie H.
  • Answer
  • Answered

Hello! While this is a common problem, the good news is that you' probably haven't been hacked. Chances are, your domain is being spoofed -- a practice where the sender alters the email header to make it appear as though the email has come from another domain, but only to your email client/webmail. As long as the actual IP address originates from outside of your mail server, you're fine: check your cPanel or Exim mail logs if you want to confirm. 

If you want to make sure that these spammers don't cause problems for you, make sure you have properly configured your SPF, DKIM, and DMARC records. Setting your DMARC to 'reject' or 'quarantine' should keep those spam emails using your domain from reaching anyone else's inbox. You may still receive them sometimes, because DMARC is designed to prevent others from receiving these fake emails, but you'll prevent them from reaching others. Hope that helps!