Top Three Reasons Spam Looks Like It’s From Your Domain
Quick Answer
When your customers and staff receive spam that appears to come from your own domain, three causes account for almost all of it. First, missing or weak SPF: attackers spoof your From header because there is no SPF record telling receivers which IPs are authorized to send for your domain. Publish v=spf1 with includes for your real senders (Microsoft 365, Google Workspace, ESPs) and a -all hard fail. Second, no DKIM signing: even with SPF, attackers using forwarded or relayed paths can pass SPF; DKIM cryptographically signs outbound mail with your domain's key so receivers can verify authenticity. Third, no DMARC at enforcement: without DMARC at p=quarantine or p=reject, receivers fall back to lenient defaults and let suspicious mail through. The fix is the SPF/DKIM/DMARC stack at full enforcement, plus aggregate-report monitoring to catch new sending sources. Inbound filtering on its own does not stop your domain from being spoofed at other people's mailboxes.
A few of our clients have complained about spam that appears to come from their own domain.
We investigated the issue with multiple customers and found the three most common reasons why junk messages that appear to be from your own domain get delivered to your mail servers:
- SPF Records – This is the number 1 reason that bad mail gets through.
Please ensure that you have an SPF record published for your domain. http://www.kitterman.com/spf/validate.html is a great site to check your current SPF records. Ideally your SPF record should contain the IP addresses of your corporate, outbound or other mail servers that you use to SEND outbound email. Once you have this information you’ll need to update your SPF record with your DNS provider. Once this is in place, your SPF record instructs the DuoCircle Inbound Filter how to handle mail that appears to come from your domain but does not originate from your servers. Ideally we would drop these messages and mark them as spam.
a) If you use DuoCircle for outbound SMTP, our SPF instructions are here: https://support.duocircle.com/support/solutions/articles/5000519471-how-do-i-use-spf-
b) If you use your own servers, you’ll have to do some investigation to get SPF working correctly. This information can typically be provided by your ISP or your IT admin.
- Whitelists – You have added your company’s domain name to the WHITELIST in the DuoCircle customer portal. Doing this will skip any inspection rules. And because we have specifically been instructed to whitelist all emails, these nefarious emails will get delivered to your inbox. By default your own domain is not whitelisted. Viruses are still blocked, but the rest will be delivered because of whitelisting. Here is the information on checking your filtering rules – https://support.duocircle.com/support/solutions/articles/5000554833-email-filter-rule-examples (My advice: unless you need specific rules, it’s best to leave the whitelists alone.)
- Unprotected SMTP Ports / Backup MX – Some customers still have mail.domain.com configured in DNS even though they are using our filtering service. Spammers are smart and they are connecting to mail servers directly, ignoring MX records and bypassing our filtering. In this situation you can either firewall your server and only accept email from DuoCircle, change your delivery port, or update your DNS.
a) You’ll know if this is the reason that the junk is being processed if you look at the headers and there are no references to Mailhop.org in the transaction.
b) Here is a list of our IPs for your firewall – https://support.duocircle.com/support/solutions/articles/5000524218-ip-addresses-for-firewalls
c) The other reason is backup MX services that don’t do spam filtering or antivirus. Your backup MX service is a back door to your mail server; make sure that it’s protected and that it’s filtering spam.
- DMARC (Commenter Andrew mentioned this) – DMARC is a more robust way to authenticate outbound emails and is fully supported by our inbound and outbound mail system. To learn more, we have a solutions article, https://support.duocircle.com/solution/articles/5000703263-what-is-dmarc-, that can help. When you are ready to set up DKIM signing, let us know and we can help configure it with you.
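The header check from item a) under Unprotected SMTP Ports can be scripted. The following is an added example, not DuoCircle's code: it reads a raw message, extracts the From domain, and reports whether any Received header mentions Mailhop.org. The function name `triage`, the domain example.com, and the host names and IP addresses in the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

FILTER_MARKER = "mailhop.org"  # filter host name the page says to look for

def triage(raw_message, own_domain):
    """Classify one delivered message by the relay path in its headers."""
    msg = message_from_string(raw_message)
    address = parseaddr(msg.get("From", ""))[1]
    from_domain = address.rpartition("@")[2].lower()
    # Each relay prepends a Received header; folded lines stay in one value.
    hops = [str(h).lower() for h in msg.get_all("Received", [])]
    via_filter = any(FILTER_MARKER in hop for hop in hops)
    if from_domain != own_domain.lower():
        verdict = "not-our-domain"
    elif via_filter:
        verdict = "passed-filter"    # look at SPF and whitelist rules next
    else:
        verdict = "bypassed-filter"  # direct-to-server or backup MX delivery
    return {"from_domain": from_domain, "hops": len(hops), "verdict": verdict}

# Constructed samples: example.com, host names and IPs are placeholders.
FILTERED = """\
Received: from out1.mailhop.org (out1.mailhop.org [192.0.2.10])
\tby mail.example.com with ESMTP; Mon, 1 Jan 2024 10:00:00 +0000
Received: from unknown (unknown [198.51.100.7])
\tby in1.mailhop.org with ESMTP; Mon, 1 Jan 2024 09:59:58 +0000
From: "Accounts" <billing@example.com>
To: staff@example.com
Subject: Invoice

body
"""
DIRECT = """\
Received: from unknown (unknown [203.0.113.25])
\tby mail.example.com with ESMTP; Mon, 1 Jan 2024 11:00:00 +0000
From: ceo@example.com
To: staff@example.com
Subject: Urgent

body
"""

if __name__ == "__main__":
    for name, raw in (("FILTERED", FILTERED), ("DIRECT", DIRECT)):
        print(name, triage(raw, "example.com"))
```

Received lines below your own server's entry are written by the sending side, so treat the verdict as triage and rely on the firewall rule from item b) for enforcement.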
General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.