How to stop spammer spoofing my domain for emails
I've scanned all my code and even changed the passwords to my google apps account such that the SMTP password has changed. However, spammers are still sending emails from [email protected] and the email is phishing attack too. I do not want my domain flagged for spam.
I only send emails through google's SMTP servers. I have the free google apps (grandfathered).
I believe I have SPF records and everything I can do to try and prevent this but it's still happening. What is more frustrating is that Google is emailing me Delivery Status Notification (Failure)
saying the emails can't be sent to a lot of emails, so it's spamming my business email.
I tried to use google app's Reports > Email Log Search
to see if the spammer is going through my SMTP to send these emails but it always gives an error No messages found. Please contact the sender for further investigation
. However, I suspect they are spoofing and aren't going through my SMTP?
What can I do to prevent this?
I can't contact Google because I am on the free grandfathered tier
PS: If it helps to look at my SPF records, please check i m v u - e . com
Solution 1:
Mail for your domain seems to be hosted in Google itself. Configure DKIM and DMARC for your domain in addition to SPF, as per Google manuals:
- Set up DKIM to prevent email spoofing
- Add your DMARC record
Note, as is said in DMARC manual, SPF and DKIM must be finished first.
This is the best you can do. This wouldn't prevent spoofing (that's impossible), but other servers will be able to filter out spoofed mail better.