Dealing with forged return addresses hitting my domains?

Jeff Schroeder jeff at
Fri Apr 21 09:07:48 MDT 2006

Kimball asked:

> In investigating what to do about it, I have run across a few  
> different approaches, and wanted to get an opinion from PLUG on what
> is the Right Way.

I, too, have been getting hammered with lots of bounces from spoofed 
messages using my domain(s).  Unfortunately, I don't know if either of 
the things you proposed (SPF and Domain Keys) would make a difference 
here.  The bounce messages are coming from the poor recipients of the 
spam, and at that point the message has already been bounced-- SPF and 
DK are really intended to "validate" legitimate messages.  If the 
receiving mail servers were using them, you wouldn't be seeing the 
bounces because they would have already blocked/filtered the spam.

That being said, it may not be a bad idea to look into implementing one 
or both of those solutions IF your domain is sending legitimate 
messages to customers or whatever.  At least you'd boost your chances 
of that mail being received successfully.  Like you, I think SPF is 
both good and bad, and DK is fairly complicated.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : 

More information about the PLUG mailing list