People Can Spoof Emails from Your Domain Name | DomainInvesting.com
101 Domain

People Can Spoof Emails from Your Domain Name

6

Over the years, I have had several people ask me to let them have an email address on a domain name I own. Some people like having an email address from a particular domain name because it’s a novelty and others want to have name@something.com because the something is related to their profession or personal interests. I have never offered an email service and I have no interest in offering it for many reasons.

Yesterday afternoon, I received a phone call and text messages from someone who apparently received an email that looked like it came from one of my domain names. Someone harassed her from a made up email address, and she asked me for information about the email address because she saw that I own the domain name. Obviously (from my perspective) the email was spoofed, but it was quite disturbing to hear that someone chose one of my domain names to use for this.

Luckily, this seems to be an isolated case rather than someone using a domain name to run a large scam or spam campaign, but it is still something domain owners should know is possible. If a domain owner offers email service from their domain names, this can be even more problematic and require legal intervention.

When you have good domain names, especially domain names that sound “official,” there could be people out there pretending to be affiliated with the domain name or website. In fact, Uniregistry Market even has a canned response for domain owners who receive inquiries from people who believe they received spam from a parked domain name:

“If you received a spam email which you believe came from one of our website addresses, you must understand that identifying information in email is easily forged by spammers. We do not send email from any of our website addresses. In fact, since we only use these website address for providing web pages, we work with a leading spam detection organization to collect and forward email to them for spam identification, because there should be no reason why anyone is sending email to our website addresses.”

When you have desirable domain names, there could be people who use them to send spam, scam, or harass others.


About The Author: Elliot Silver is an Internet entrepreneur and publisher of DomainInvesting.com. Elliot is also the founder and President of Top Notch Domains, LLC, a company that has sold seven figures worth of domain names in the last five years. Please read the DomainInvesting.com Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest.


Reach out to Elliot: Twitter | | Facebook | Email

Comments (6)

    Kevin Murphy

    Sounds like you’re describing a Joe Job.

    https://en.wikipedia.org/wiki/Joe_job

    April 6th, 2016 at 2:31 pm

      Tony

      Yep. And of course, JoeJob.com and JoeJobs.com were both registered over 12 years ago.

      In reply to Kevin Murphy | April 6th, 2016 at 2:38 pm

    Jen

    Yes, they can spoof an email address, but now there is another chilling aspect.

    These slimy scammers have figured a way to add code to the encoded original message that masks their real email address and shows YOUR address, usually with a recipient of a brand name, for example, Canon[at]example.com .

    For now, they are still unable to spoof IP numbers within the encoded message, but it’s only a matter of time.

    April 6th, 2016 at 2:43 pm

    Joe Styler

    I have millioniare.com, typo of millionaire and you can’t imagine how many emails I got on that because someone or likely many people who are not great at spelling were spoofing that url to send notices to people claiming to give them money. I set up some restrictions around my email which did cut back on it a good deal. This article is a good start at reducing people’s ability to spoof you https://www.godaddy.com/help/add-an-spf-record-19218.

    April 6th, 2016 at 6:24 pm

    Oliver Krautscheid

    Elliot, that’s an interesting topic you are discussing here. I own a couple names where people frequently abuse my name through spoofing so I am not new to this. What do you propose to do in such a case and do you believe you can be held accountable for this if the investigators believe you are sending them?

    Anyway, I always wanted to do what you propse in the other article and start such an email service. I like your points in the other article, but as a business owner you always assume risks others are not willing to take, that’s just part of the game.

    Just a hypothetical question, if I would develop something like a parking service for renting out email addresses and take a small percentage, would you consider being a customer? I am thinking the addressable market would probably be rather small, so may not be worth it, but I like the idea, especially since email uses different DNS servers so you could host it elsewhere (DomainNameSales) and only redirect the mail records to such a service. So you’d have the best of both worlds.

    April 8th, 2016 at 12:44 pm

    Surya

    You should set the SPF Record in DNS of your domains. In Godaddy you only can access the feature in Classic DNS. If you didn’t do it, someone can made an amail with your domains easily for spamming.

    April 8th, 2016 at 3:21 pm

Leave a Reply

Name *

Mail *

Website