Spoof!

[PerranOak]

It's a little off-topic but email is electronic(!) 

One of my email addresses has been spoofed. It doesn't look like they've hacked the actual account but I keep getting returned/blocked email messages for emails I haven't sent. I guess they're using my address as a return address to send spam, etc.

Is there anything I can do? Anyone can use any email address as the return address so I guess not.

Cheers.

[Domagoj T]

Not only as "return to", but as "sender" as well.

[LapTop006]

There are systems like SPF (older) & DKIM (newer) that make it easy for the recipient to reject these as fakes, but enough people have broken systems that it mostly just means you get *different* bounces.

[Rerouter]

You can spoof essentially any email address, Generally the only thing that would give it away for a phishing scam would be the different return address, but for one way spam, they don't care.

For the most part you can only protect yourself from receiving it, not from them sending it. but a number of the larger online email clients do catch this stuff if its meant to be from the same host.

Had many hundreds of emails these past year from things like "payroll@yourcompany.com.au" and "staff@...", "HR@..." all under our domain even though they are not valid addresses. though only a few of them had mismatched reply addresses, seemed they where probing.

[madires]

The SPAMmer uses your email address to have a valid sender address which can be verified by the receiving MTA. To reduce backscatter you could add an SPF entry to your domain.

[steve30]

I had this trouble a few years ago. I think I managed to just ignore it until it stopped.

[cdev]

First you tell email servers which server you send mail from with an SPF, TXT DNS record, and then DMARC tells them what to do with mail that is not from that source.

Look up how to use a "dmarc" TXT DNS record to tell receiving email systems to check any email from your domain against your official SPF which should give your mx address and to quarantine or reject and/or send to you any email from any server that is not your official DNS MX record. 

Also learn how to have your outgoing mail signed using DKIM..

Also, you should use a bunch of similar checks and tools on the incoming end.. to reject mail servers and mail that do not check out. For example, with postfix, you can apply a series of checks to the sending email source and most servers attempting to send mail fail them.

It's a little off-topic but email is electronic(!) 

One of my email addresses has been spoofed. It doesn't look like they've hacked the actual account but I keep getting returned/blocked email messages for emails I haven't sent. I guess they're using my address as a return address to send spam, etc.

Is there anything I can do? Anyone can use any email address as the return address so I guess not.

Cheers.

[madires]

I had this trouble a few years ago. I think I managed to just ignore it until it stopped.

Backscatter has become much less during the last few years. Professional SPAMers moved to setting up dedicated domains with SPF for their campaigns. The anti-SPAM measures require also more effort from the SPAMmers.

[PerranOak]

Cheers all.