Welcome to WebmasterWorld Guest from

Forum Moderators: LifeinAsia & httpwebwitch

Message Too Old, No Replies

Spoofed Email Addresses

Just how much brand damage is being caused?



10:10 pm on Jul 2, 2008 (gmt 0)

WebmasterWorld Senior Member pageoneresults is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

Arrrggghhh, if I get one more spoofed spam message from Example.com!

Unfortunately it is not Example.com sending me the email. But, a rather subtle and effective email sabotage campaign launched against them I'd say over a year ago. It could be longer, time flies these days.

I've received so many of these that I no longer would trust the Example.com domain if I were the "average consumer". Many are going to think that they've just jumped on the email spamming bandwagon and go elsewhere.

Much of this "spoofed email" is going to get filtered. But, some of it does get through. That percentage that makes it through may have a drastic impact on your brand.

So, what do you do? Consumer education is all that we can do at this point with the current email protocols. Anyone can spoof the visible "From" address. What they usually cannot spoof is the header information which most consumers are not aware of. All they see is the From: You@Example.com and boom, your labeled. If they get enough of them over an extended period of time, that would probably have the same effect as if you were running a magazine ad for six (06) publications, the suggested run for maximum impact. But in this case, it has the opposite effect.

The biggest issue with Spoofed From Addresses? Anyone can do it, anyone. And many fall for it. :(

Do you get reports of this? Do you receive email from yourself? When you receive email like this from someone you know, do you alert them to the issue? I try to and will send the entire header information cut and pasted into the email so they can see where it originated from and follow the path. In most instances it leads to nowhere but they can see the methods used and exactly what their potential audience may be receiving.

I've seen some "high quality" emails coming from Spoofed Email Addresses. That first impression is a lasting one. When you get an HTML email that has the same look and feel of your website and it wasn't sent by you, there should be concern. PayPal is a prime example of this. So is your bank.


3:27 am on Jul 4, 2008 (gmt 0)

5+ Year Member

example.com needs to set up SPF. Quite easy for most domains, and bigger, more complex organizations should spend the effort. There are online tools at openspf.org.

It may not cure spam, but it helps protect the domain.


4:51 am on Jul 4, 2008 (gmt 0)

WebmasterWorld Senior Member marcia is a WebmasterWorld Top Contributor of All Time 10+ Year Member

I just saw a reputable site listed/flagged in red at Yahoo! Search as being a domain that sends out unsolicited spam email.

No offense intended, but I do suspect that it's their affiliate "partners" causing it, since they do have an active affiliate program and they've got very marketable products for that particular niche.

That would cause a LOT of brand damage, no doubt about it.


8:44 am on Jul 22, 2008 (gmt 0)

WebmasterWorld Senior Member piatkow is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

I would have thought that most users get to understand about spoofed addresses pretty quickly these days.


3:39 am on Jul 23, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

I saw one this morning from UPS saying "the package you sent cannot be delivered. Click the following link for more info". It was a zip file_ probably with a virus in it. I'm smart enough to not click on those things due to a bogus email (my email program shows when the email is not valid) but newbies probably wouldn't know any better.

The good thing is you only click on one of those once.

Fortune Hunter

6:15 pm on Jul 30, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

my email program shows when the email is not valid

What program do you use and how does it show you that it is valid or not? I am usually pretty sharp about these things, but if my email client had a way of doing it even better I would be game.


Featured Threads

Hot Threads This Week

Hot Threads This Month