Abused domain in fraudulent emails

You may have encountered fraudulent emails, that seemed to be sent from your domain from your superior, at the best on Friday in the afternoon, and that asked to make an immediate payment. If such payment is to unknown account, caution is necessary. Your domain was abused in a fradulent email - spam.

Your domain can be forged in fraudulent emails in several ways. The domain is forged. Such spams are sent from many IPs across the world. It is similar as if somebody wrote a random address on the envelope of a common letter.

If your domain is forged in the envelope sender, it helps to set a SPF record with qualification Fail (-all). You can set the SPF record by the article Setting of SPF and DMARC records. For this purpose, we recommend the value

v=spf1 a mx include:_spf.forpsi.com -all
With this SPF record, there is a possibility, that if the recipient has set forwarding of incoming messages, the forwarded messages may get rejected because of SPF, see the article SPF records and forwarded messages.

It is also possible to forge the domain in the parameter From in the headers of the spam, envelope sender address is different. It is similar as if somebody writes some address inside of the letter and different address on the envelope of the letter.

In this case, the SPF record doesn't help, because it is checked against the envelope sender. But you can set the DMARC record, that combines DKIM and SPF and the domain of the email address in From parameter in headers is checked.

DKIM is set automaticaly for the domains that use DNS servers FORPSI. If DKIM for your domain hasn't been set yet, create an authorized ticket on our support portal, see the article Authorization.

For the purposes of domain protection against abuse in fraudulent messages, it is necessary to use the reject policy. The guide to setting up DMARC record can be found in Setting of SPF and DMARC records. You can use for example this value
v=DMARC1; p=reject

Domain can also be forged in the displayed name in the headers. This can be freely changed by anyone and there is currently no known technique, which can check display names. As spammer use more and more advanced techniques for sending fraudulent messages, it is impossible to reject all fraudulent emails. Some spam can go through so it is necessary to be always cautious.