A quick note about email spam

There’s a chance that you’re here because you received email from “me”, or at least my address at this domain, and it turned out to be spam. Sadly, my email address was scraped from some site, or stolen from some database — either way, it has been used by spammers as a spoofed email address. In most cases, it seems to be used in the “Return-Path” header, but I wouldn’t be surprised if some emails used it as the “From” address.

There are a variety of titles used by the spammers. They seem to be a Russian group, and I believe their operation is relatively high volume due to the number of status emails I have been getting (email not delivered, email is spam, please do X before emailing, no user found, user on vacation, user left company, etc.).

I am in no way responsible for any spam you may have received, so don’t blame me. If you open the headers of an email that used my address, you should be able to see that the SPF check failed, the DKIM check failed, and the DMARC check failed. I have recently updated these settings to ensure that mail servers can identify these emails as spam while still being able to identify which emails were sent legitimately from my servers. These settings are currently as strict as I can reasonably make them, including the instruction for 100% of emails that fail the DMARC check to be rejected outright instead of being quarantined or handled however the server wants. I do not know if any of this has had much of an impact on the flood of spam that seems to be being sent. I don’t think all mail servers treat SPF/DKIM/DMARC settings according to best practice, so who knows how many have escaped being marked as spam…
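For readers who want to check those header results themselves, the following is an added example, not code from this site's author. It reads the SPF, DKIM and DMARC verdicts from the `Authentication-Results` header of a raw message and only trusts headers stamped by the reader's own receiving server. The sample message, host names, addresses and the IP are constructed placeholders.

```python
import re
from email import message_from_string

# Constructed sample of a spoofed message as stored by a receiving server.
# All hosts, addresses and IPs are reserved documentation values (assumptions).
SAMPLE = """\
Return-Path: <owner@example.org>
Authentication-Results: mx.receiver.example;
 spf=fail (sender IP is 203.0.113.7) smtp.mailfrom=example.org;
 dkim=fail (signature did not verify) header.d=example.org;
 dmarc=fail (p=reject pct=100) header.from=example.org
From: "Owner" <owner@example.org>
To: someone@receiver.example
Subject: constructed test message

body
"""

def auth_results(raw, trusted_authserv_id):
    """Return {method: result} from Authentication-Results headers (RFC 8601)
    stamped by our own receiver; headers carrying any other authserv-id are
    ignored because the sender could have written them."""
    verdicts = {}
    for header in message_from_string(raw).get_all("Authentication-Results", []):
        # Remove parenthesised comments, then split into ';'-separated parts.
        parts = re.sub(r"\([^()]*\)", "", header).split(";")
        tokens = parts[0].split()
        if not tokens or tokens[0].lower() != trusted_authserv_id.lower():
            continue
        for part in parts[1:]:
            m = re.match(r"\s*(spf|dkim|dmarc)\s*=\s*(\w+)", part, re.I)
            if m:
                # Keep the first verdict seen for each method.
                verdicts.setdefault(m.group(1).lower(), m.group(2).lower())
    return verdicts

def dmarc_failed(raw, trusted_authserv_id):
    """True if DMARC failed, False for any other trusted verdict,
    None when no trusted Authentication-Results header is present."""
    dmarc = auth_results(raw, trusted_authserv_id).get("dmarc")
    return None if dmarc is None else dmarc == "fail"

if __name__ == "__main__":
    print(auth_results(SAMPLE, "mx.receiver.example"))
    print(dmarc_failed(SAMPLE, "mx.receiver.example"))
```

A `None` result means the receiving server recorded no verdict at all, which is itself worth raising with whoever runs that server.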

None of the sending email server IP addresses in any of the bounced status emails that included headers matched my servers. I have checked all of my email servers for security holes: all are clean and none appear to be operating open relays, so there is nothing else I can do.

So that’s the explanation behind the spam email in your inbox. I’m sorry that this happened. I have done all I can reasonably do to ensure these spam emails can be detected as such. Please complain to whoever administers your email servers if these spam messages are not marked as such, because I am providing mail servers with policies that should make it extremely easy to detect these emails, as long as they check the policies and treat the results properly.
