Reduce Email Hijacking With Email Authentication

Have you ever received bounced emails that you never sent? I bet the answer is yes. In case you don’t already know, the most likely reason you are getting these bounced emails is that someone hijacked or spoofed your email address. What does that mean?


Well, you know how you can enter the “From” email address when you set up your email account? You entered the right address, your own, but spammers enter your address too. Because the default behavior for email is to return undelivered messages to the “From” address, you receive the bounces even though you didn’t send the messages. It’s a lot like sending someone a letter via snail mail and using someone else’s address instead of your own as the return address.

Isn’t there a way to tell if this is in fact a hijacking and not something you’re doing wrong on your end?

Yes. It involves checking the email headers. Email headers tell a lot. They have information on who – or rather which computer – initiated the email. So it is a simple matter to prove you are not the one sending the email. But by then, the damage is often done :-(.
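One way to do that header check on the original message returned inside a bounce, as an added example that is not from the original post. The sample message, the `example.com` names and the `MY_SENDING_IPS` list are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample: the spoofed message as returned inside a bounce.
RETURNED_MESSAGE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby inbox.recipient.example with ESMTP; Thu, 19 Nov 2009 10:02:11 -0500
Received: from unknown-host (unknown [192.0.2.44])
\tby mx.recipient.example with SMTP; Thu, 19 Nov 2009 10:02:09 -0500
Received-SPF: fail (mx.recipient.example: 192.0.2.44 is not permitted)
From: you@example.com
To: someone@recipient.example
Subject: Cheap offers

body
"""

# Assumption: the IP addresses your own mail really leaves from.
MY_SENDING_IPS = {"203.0.113.10", "203.0.113.25"}
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def origin_ip(raw_message):
    """Return the client IP from the oldest Received header that records one."""
    received = message_from_string(raw_message).get_all("Received", [])
    # Every relay prepends its own header, so the last one listed is the oldest.
    # Headers below the recipient's own server can be forged by the sender.
    for header in reversed(received):
        match = IP_IN_BRACKETS.search(header)
        if match:
            return match.group(1)
    return None


def spf_verdict(raw_message):
    """Return the first word of Received-SPF (pass, fail, ...) if present."""
    value = message_from_string(raw_message).get("Received-SPF")
    return value.split()[0].lower() if value else None


def looks_spoofed(raw_message):
    """True when the message entered the mail system from an IP that is not yours."""
    ip = origin_ip(raw_message)
    return ip is not None and ip not in MY_SENDING_IPS


if __name__ == "__main__":
    print(origin_ip(RETURNED_MESSAGE), spf_verdict(RETURNED_MESSAGE))
```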

How do you prevent it?

For a long time, there was little you could do about it. But now, it is easy to reduce the chances of hijacking, if not eliminate them. If your web host supports Sender Policy Framework (SPF), turning it on will be a big step towards blocking people from hijacking your email address.

How does it work?

Quite simple really. It is a checkpoint that will only allow email to be sent from your own domain. When the recipient’s email server receives an email from you and tries to check if the email is legit, it will check the origins of the email. If it came from your domain, the email goes through. If it didn’t, then the server rejects the email. The result: the target of the spammer never receives the spam and your ‘reputation’ is intact.

How do you set it up?

On cPanel hosts it’s pretty easy. Just log in and look for an icon that says Email Authentication. Simply enable or disable SPF. If you are using Gmail or Google Apps to read and receive your emails, then you need to add Google to the list of allowed domains. Under the spot where it says “Additional Hosts that send mail for your domains (A):”, click Add, then enter aspmx.googlemail.com. Save and all is good.

Please be sure to test sending and receiving once you turn it on to ensure your emails are getting delivered to you and from you to the recipient. The last thing we want is to totally disable your emailing ability :-).


5 Comments

  1. Net Success on November 19, 2009 at 2:51 pm

    Hi Lynette,

    First let me say that I really love your blog and the great tips and info you provide.

    This is great. I have had an issue with that for a while and didn't know how to alleviate the problem. I knew about the cPanel. I now know what to do for Gmail, but is there a fix for Yahoo? It seems to be mainly where my problem exists.



  2. Lynette Chandler on November 19, 2009 at 9:16 pm

    Thank you for the kind words. It is much appreciated! I believe Yahoo uses DomainKeys which is another standard.



  3. Net Success on November 19, 2009 at 10:23 pm

    You're welcome Lynette,

    Thanks for the link to the article.

    It was extremely enlightening.

    I guess the question I will ask Yahoo is the same as the person who wrote the post. Why don't you guys use Domain Keys as well as SPF? LOL. Thanks again Lynette. I guess for now I'll just have to put up with Yahoo's lack of hindsight or move over to GMail completely. Either or.



  4. Lynette Chandler on November 20, 2009 at 9:19 am

    Yeah, Yahoo is a huge pain. I learned something I would never have, managing an autoresponder service – getting emails through to Yahoo is a pain not because we didn't do our part but because they like to randomly, *it seems*, reject good emails for no reason, so good emails continue to bounce until whenever they decide to accept them. Meanwhile, the subscriber is wondering why they don't receive the emails and we the senders could get penalized, not to mention bounces are hard on the server load.

    One of those things.


