3

I reckon we have all seen it: e-mail sent with the From header set to your own e-mail address, as if you were the one sending the spam. I always thought there was nothing you could do about it, as the From header is free.

Is this in fact true, or are there tools to prevent this kind of spam?

1 Answer

5

You most likely see spam with the From header set to your own email address because of at least one of these:


Setting a Strict SPF Record

If your domain is example.com and you send emails from the IP address 1.2.3.4, here is a strict SPF record you could put into your zone file that only allows

  • 1.2.3.4,
  • the domain's A record, and
  • what the domain's MX record resolves to

to send emails:

example.com. IN TXT "v=spf1 +a +mx +ip4:1.2.3.4 -all"

This record does not prevent spammers from using your email address in the From header, but it does tell receiving servers that pay attention to SPF records to refuse to deliver emails not sent by 1.2.3.4.

If you use a mail provider for your domain, you'll need to find out from them what SPF settings to use. For example, with Google Apps, you would need to follow these instructions.


Configuring an Email Server to Check SPF

There are various different MTAs and control panels for them. You'll need to consult the documentation of your MTA or its control panel (such as cPanel) to set up SPF checking.

As one example, Exim can be configured to check SPF records by following this guide.

Server-side spam filters tend to check SPF as well. For example, SpamAssassin can check SPF records, as you can see in the documentation here.

2
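How a receiving server that checks SPF would evaluate the strict record from the answer, as an added example that is not part of the original answer: a minimal Python evaluator covering only the a, mx, ip4 and all mechanisms. DNS answers come from a constructed table; the 203.0.113.x addresses, mail.example.com and the function names are assumptions.

```python
import ipaddress

# Constructed DNS data (assumption) standing in for real lookups of the answer's example.com.
DNS = {
    ("example.com", "TXT"): ["v=spf1 +a +mx +ip4:1.2.3.4 -all"],
    ("example.com", "A"): ["203.0.113.10"],
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "A"): ["203.0.113.25"],
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype):
    return DNS.get((name.lower().rstrip("."), rtype), [])

def mechanism_matches(mech, arg, domain, ip):
    """True if the connecting IP matches one mechanism (a, mx, ip4, all only)."""
    if mech == "all":
        return True
    if mech == "ip4":
        return ip in ipaddress.ip_network(arg, strict=False)
    target = arg or domain
    if mech == "a":
        hosts = [target]
    elif mech == "mx":
        hosts = lookup(target, "MX")
    else:
        raise ValueError(f"unsupported mechanism: {mech}")
    return any(ip == ipaddress.ip_address(a) for h in hosts for a in lookup(h, "A"))

def check_spf(client_ip, sender_domain):
    """Return the SPF result for client_ip sending mail as sender_domain."""
    records = [r for r in lookup(sender_domain, "TXT") if r.split()[:1] == ["v=spf1"]]
    if not records:
        return "none"        # domain publishes no SPF policy
    if len(records) > 1:
        return "permerror"   # more than one SPF record is an error
    ip = ipaddress.ip_address(client_ip)
    # Terms are tried left to right; the first match decides via its qualifier.
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        try:
            if mechanism_matches(mech.lower(), arg, sender_domain, ip):
                return RESULT[qualifier]
        except ValueError:
            return "permerror"  # this sketch treats anything it cannot parse as an error
    return "neutral"
```

With the record from the answer, only a host that falls through every listed mechanism reaches `-all` and gets `fail`; a domain with no record at all yields `none`, so the receiver has no policy to act on.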
