Ask Al: Help! My email address is being used in spam! What do I do?


Hey! You can find the more modern, updated version of this question and answer here. Whoops @ the newsletter automation choosing this old article for inclusion in a 2022 newsletter.

2 Comments

Comments policy: Al is always right. Kidding, mostly. Be polite, please and thank you.

  1. Hi,

    as I am really not in favour of this broken SPF "standard" (DKIM is much preferred), I want to propose another option for someone plagued by bounces for messages that he never sent:

    Add a cryptographic "x-Bounce-key" or similar header to all email you send.

    If a bounce comes in, check the header key in the SMTP stage, and if it is missing or invalid, refuse the email with a clear error message such as "550 Invalid Bounce Key: You either stripped the original message headers or this email NEVER originated from here. BOUNCE REJECTED. Read: http://xxx.xxx.xxx".

    That prevents 100% of all bounces for forged messages plus it has the benefit of filtering some spam as well. And as for making email forgeries transparent, DKIM will do that without the headaches of SPF/SRS.

    Cheers,
    James
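
A sketch of the bounce-key check proposed in the comment above, as an added example that is not code from the commenter or from this blog. The secret, the `day.mac` key format, the use of HMAC-SHA256 over the Message-ID, and the 7-day window are all assumptions made for illustration.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-secret"  # assumption: per-domain secret held by the MTA
HEADER = "X-Bounce-Key"              # header name taken from the comment
MAX_AGE_DAYS = 7                     # assumption: how long a bounce may lag the send
REJECT = "550 Invalid Bounce Key: BOUNCE REJECTED"
KEY_RE = re.compile(rf"^{HEADER}:[ \t]*(\d+)\.([0-9a-f]{{32}})[ \t]*\r?$", re.I | re.M)
MID_RE = re.compile(r"^Message-ID:[ \t]*(<[^>\r\n]+>)", re.I | re.M)

def _mac(message_id: str, day: int) -> str:
    return hmac.new(SECRET, f"{day}:{message_id}".encode(), hashlib.sha256).hexdigest()[:32]

def bounce_key_header(message_id: str, day: int) -> str:
    """Header line to add to every outgoing message (day = days since epoch)."""
    return f"{HEADER}: {day}.{_mac(message_id, day)}"

def check_bounce(mail_from: str, data: str, today: int) -> str:
    """Return the SMTP reply for a message once its DATA has been received."""
    if mail_from != "":          # bounces use the null reverse-path, MAIL FROM:<>
        return "250 OK"          # not a bounce: this check does not apply
    for day_s, mac in KEY_RE.findall(data):
        day = int(day_s)
        if not 0 <= today - day <= MAX_AGE_DAYS:
            continue             # expired or future-dated key
        # The DSN carries its own Message-ID too, so try each one found.
        for mid in MID_RE.findall(data):
            if hmac.compare_digest(_mac(mid, day), mac):
                return "250 OK"
    return REJECT

# Constructed sample: a DSN that returns the original message headers.
DAY, ORIG_ID = 19000, "<demo-1@example.org>"
GENUINE = (
    "Message-ID: <dsn-77@mx.example.net>\r\n"
    "Subject: Undelivered Mail Returned to Sender\r\n\r\n"
    "--- original headers ---\r\n"
    f"Message-ID: {ORIG_ID}\r\n"
    f"{bounce_key_header(ORIG_ID, DAY)}\r\n"
)
FORGED = GENUINE.replace(ORIG_ID, "<spam-9@example.org>")  # key reused on another message
STRIPPED = "Subject: Undelivered Mail\r\n\r\nYour message could not be delivered.\r\n"
```

A bounce that does not return the original headers (`STRIPPED`) is refused exactly like a forged one, so genuine NDRs of that kind are lost under this scheme.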

  2. I'm not a fan of introducing something new. I believe this would false positive, based on the number of strange NDRs I've seen out there in the world.

    I think it's insulting to call SPF broken. I think SPF works just fine. There are some things it does and some other things it doesn't do. Like with many things.
