Spam is bad. It ruins the internet experience and is a major reason people hate email as much as most people do. Google has become very good at filtering spam, but it’s not perfect. But did you know, that by enabling certain features in your email, you can become a spammer without ever realizing it? Let’s look at a couple of common ways this can happen.
Before we get started though, a disclaimer: most of the problems outlined can be resolved with a proper configuration of the mail servers involved. We’re taking a look at some worst case scenarios that we have seen happen. YMMV.
“This is Bob’s email. He’s not here because he’s off in Hawaii soaking up the sun. He’ll be back in a week.”
Ah yes, the Answering Machine of email. Autoresponders are used for everything from vacation notices to verification of mail reciption, i.e. “Thanks for your mail, someone will get back to you in 24 hours”. How does the use of such features turn one into a spammer? Well, it’s quite simple.
Many autoresponders have the habit of including the sent email in the response. So, if a spammer hits “email@example.com” with a piece of spam, and the from: address is forged (they’re always forged) with something like “firstname.lastname@example.org”. Then, email@example.com responds with his typical “This is Bob’s email…” message, and right there below it, is the spam message for pharmaceuticals or hot russian babes or whatever. Where does this response get sent? It gets sent to firstname.lastname@example.org.
The result is that a spammer sent email to email@example.com, which forwarded the spam to firstname.lastname@example.org. Even if you don’t include the content of the original mail in the autoresponse, email@example.com STILL gets Bob’s automated response. Now Bob is sending unsolicted mail, whether it contain a spammy message or not. Bob, you spamming jerk.
But wait, there’s more. What if firstname.lastname@example.org get’s an email from Jane@example.com, and they both have an autoresponder set up. Yep, you guessed it- email wars! Both of their mailboxes fill up until they break, and now they don’t get email from anybody. Granted, many mail servers have protections for things like this, but many simply don’t.
The solution? Simple. Talk to your mail admin about it and make sure that the above problems can’t happen. If you’re not sure, then don’t use autoresponders. They’re a great idea that can turn out badly.
What about forwarding your email? It seems like a great solution: You have your own domain name, but you use Gmail or Outlook.com or some other mail provider, and don’t want to complicate your life by having to check yet another email address. And right there in cPanel is the Email Forwarder. Oh, it’s so simple- just send all email from email@example.com to firstname.lastname@example.org
And now, Bob, you’re a spammer. Why? Simple. When email@example.com gets a piece of spam, what’s the first thing he does with it? He forwards it. He SENDS the spam to bobsuruncle@… and now @example.com has a reputation for sending junk mail, and it gets blocked. Now the mail forwarding stops working because everyone knows that Bob’s a spammer and so they block him.
The solution: Don’t Forward Emails. Ever. Instead, most online mail services have a POP or IMAP retrieval option. So, you create firstname.lastname@example.org as a POP account, and have gmail or whatever check that email periodically. If that isn’t fast enough for you, then you’re stuck checking two email boxes. Live with it. Because forwarding mail, especially for business critical mail accounts, is just begging for trouble.
“But I’ve been forwarding email for years!” Well, I hate to break it to you, but you’ve been lucky. Your luck will run out.
A great way to be a spammer is to let a spammer use your email account to send spam. All you have to do is use a password that they already know. They have giant lists of known passwords, and they know how to use them. They’ll try to login to your email address enough times and get in, and then start sending spam. If “Fluffy123” is your email password, and you’ve been using it for years, by all means, change it. Get yourself a good password (and no, Fluffy1234 does not count). If you’re using cPanel, make sure your cPanel main account password is good too, because it can be used to authenticate any email address on the account.
There’s other ways you can become a spammer. Having a website that contains vulnerabilities (old versions of WordPress for example) is a great way to get your website hacked, and be used for spam. But that’s another article.
Questions? Comments? Leave them below 🙂
Ryan, Thanks for taking the time to explain this topic. (merritt)