If you want to send an email using someone else’s domain name, there are a few things you need to know. First, you’ll need to find the domain name of the person or company you want to send the email to. This can be done by looking up their website or by searching for their name on a search engine. Next, you’ll need to create an email address for that domain name. This will be used as the primary address for your email correspondence. Finally, you’ll need to set up your email server so that it can accept emails from your new domain name’s email address. This will allow your recipients to receive your emails from your new domain name rather than from your original address.


Being able to send out e-mail using your own domain name can be very nice, but what do you do when someone starts spewing out spam mail using your domain name? Today’s SuperUser Q&A post discusses the matter to help a frustrated reader.

Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.

Photo courtesy of Maria Elena (Flickr).

The Question

SuperUser reader Jake M wants to know how someone has been able to send out e-mail using their personal domain:

How is someone doing this and is there anything that can be done to mitigate the situation?

The e-mails are from a user we did not create called: regeniaberry67a@ourdomain. com. au. The e-mail is to: regeniaberry@ubtanet. com. The content of the e-mail talks about a stock that is six cents but will go to fifteen cents and that people should buy it. It contains a link to Yahoo’s finance website, but I will not click it, so I am not sure if it is legitimate. We know of the e-mails because we get bounce-backs (the recipient must not exist).

What would allow someone (or a bot) to send an e-mail under our domain name? Is there anything we can do to stop this? Is this Dictionary Spamming?

The Answer

SuperUser contributors Paul and AFH have the answer for us. First up, Paul:

Followed by the answer from AFH:

So the short answer is nothing prevents anyone from using your domain in e-mails they send. Even normal users can put whatever e-mail address they like in their e-mail settings.

Spammers routinely use valid domain names as From addresses to avoid being blocked.

While you cannot stop someone from sending e-mails with your domain name, you can help e-mail servers around the world understand if e-mails sent from your domain name actually originated from you and are legitimate e-mails, so that any others can be discarded as spam.

SPF

One way is to use SPF. This is a record that goes into DNS and lets the Internet know what servers are permitted to send e-mails on behalf of your domain. It looks like this:

ourdomain. com. au.   IN TXT “v=spf1 mx ip4:123. 123. 123. 123 -all”

This says that the only valid sources of e-mail for ourdomain.com.au are the MX servers – the server defined as the recipient of e-mails for the domain, and another server at 123.123.123.123. E-mail from any other server should be considered spam.

Most e-mail servers will check for the presence of this DNS record and act accordingly.

DKIM

While SPF is easy to set up, DKIM takes a little more effort and should be implemented by your e-mail server administrator. If you send your e-mail via an ISP e-mail server, they will often have methods for quick setup of DKIM.

DKIM works similarly to SSL certificates. A public/private key pair is generated. The private key is known only to the e-mail server, and it will sign any outgoing e-mails.

The public key is published using DNS. So any server receiving e-mails marked as coming from your domain can check that the e-mail was signed by retrieving the public key and checking the signature in the e-mails. If no signature is present, or it is incorrect, the e-mail can be considered spam.

Have something to add to the explanation? Sound off in the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.