We use cookies

We use cookies to ensure that the website functions properly, to monitor and optimize the user experience on our websites and for marketing and social media purposes.

Adjust preferences
Go back

Adjust preferences

You can choose which cookies you want to enable. Analytical cookies help us to analyze and improve the use of the website. Statistical cookies collect anonymized data to track trends and performance.

Necessary cookies (always active)
Analytical cookies
Marketing cookies
Skip to content

Help, I receive many spam mails or emails from myself

Back to email

Introduction:
Spam is a major problem on the Internet.
Spam is sent by parties who hope to profit financially by sending haphazard e-mail in large masses to strangers. Nowadays, fortunately, more and more people are aware that we should avoid sending spam as much as possible.
If you suffer from a lot of spam, it is wise to investigate exactly where the spam is coming from.
Of course it is possible to tighten up the spam filter, but the question here is whether this is a good solution. Perhaps there is a cause for the many spam e-mails. It could be that the spam mails come from you unknowingly.
Sometimes you may receive spam mails whose sender is your own email address. When this is the case, the spam is not stopped by the spam filter, after all, email from your own email address is safe by definition. However, this is not always the case.

Spam from your own email address can be recognized by the subject line:

  1. Returned mail: see transcript for details

  2. Mail delivery failed: returning message to sender

  3. Undeliverable mail

  4. failure notice


What are the consequences?

The consequences are often very large. When this happens and action is not taken in time, receiving parties will reject emails.
This is a consequence not only for yourself, but for all clients on the server.

Can I do something about my own spam?

Fortunately there is. There are several things you can take into account as a hosting owner.

Find out where the spam is coming from
In your control panel you often have the option to retrieve logs.
You can often get the email logs and from those you can often see how the mails were sent, for example via the website (via a certain script) or via the email address itself.
You can also read the email headers of the email you received.
When you know it came from the email account, read the heading: Email below.
If the email was sent via a script the email header has an X-PHP-Originating-Script line.
If you see that it was emailed via a script, read the heading Website.
In another article we will explain more about how to read out email headers.

Email
Make sure each email address created has a difficult password, consisting of numbers, lowercase, uppercase, and foreign characters. Make sure the password is long, the longer the password the more secure it becomes. If your email address is misused for spam, change the password as soon as possible and use a strong password.

Furthermore the advice is to create as few forwarders as possible, if a hacker knows it is a forward address he/she will send a lot of spam to it.
The receiving party will see you as a spammer. If you do want to use a forward, forward internally to your own domain email address and not externally to hotmail / live / yahoo / gmail etc.
On several websites you can check how strong your password is (of course never specify which website you use the password on or which email address uses the password). If you only have the password checked the website that checks it does not know what it is used for.

SPF
To better combat spam, the SPF (Sender Policy Framework) was invented.
This is a TXT dns record in which you can specify which mailserver may mail on behalf of your domain name.
You can set an SPF as narrow as you like. The character at the end of the SPF record ultimately determines how tightly the SPF is set.
For example, you have a ~ for softfail, this means that the mail is sent as usual, but if the mailserver is not included in the SPF record, the mail will end up in the recipient's junk folder.
Besides softfail you also have - for hardfail.
This means that the mail server must be included in the SPF record.
If this is not the case, the mail is rejected and you get a bounce (email back) saying that the ip address of the mail server is not allowed and that the SPF is blocking this?
So the hardfail option is the safest way, but can cause problems if it is not set up properly, for example because the ip address of the mail server is not included in the SPF.?

DKIM
In addition to SPF, another way to combat spam is DKIM (also called Domain Keys).
This is also a DNS record. In addition, the DKIM is also written by the mail server.
The mail server provides a stamp, and the receiving party can check if the stamp matches the dns record. If it does, the receiving side can be sure that the mail server is correct.
However, it is important that the mail server then also supports dkim, otherwise it will not work,.

DMARC
DMARC is also a dns record. DMARC can be set up in many different ways.
Dmarc can inform you as soon as a mail is sent.
You can also set DMARC so that a mail must meet a certain condition before it can be sent. For example, at least the SPF record must be correct, or DKIM.
It is even possible to set the condition that both SPF and DKIM must be correct, if this is not the case DMARC will notify you so you can investigate whether the mail was indeed sent in an invalid way. On the internet you can find tools to generate a DMARC record.

Website
A website often also contains an email capability. Think of contact forms, registration forms, newsletter systems, etc.
Hackers often abuse the way websites send emails.
Therefore, try to use reCAPTCHA on these forms as much as possible.
ReCAPTCHA is a code that visitors have to type over. It is annoying for the visitor to do this, but necessary to combat spam.
In addition, if you program yourself, you could make your own script, if you know that you normally only get 1 email per hour, it is remarkable when you get 100 in 1 minute. You could possibly create your own security for this as well.

Spam by CMS
It is also very common that CMS websites (like Wordpress) send a lot of spam.
This is because there is a plugin installed (probably outdated) that has a leak and can be abused by a hacker. The hacker can then create files and send spam. In that case you will have to find out which file was created (recognizable by a filename with strange characters, and recognizable by the content, the content is often 1 line in a row with encrypted numbers). It is therefore very important to keep both the WordPress version and plugins up to date.
Click here to learn more about securing your website.


Email address on the website
It also sometimes happens that people put their email address on their website. Bots/hackers can scan this and include it in their spam list. It is therefore wise to make an image of it, or put it in this format: email@address(.)tld, because of the () it is not a valid email address. However, it is useful to inform your visitors to leave out the () itself.

In conclusion:
If you have followed the above advice and are still experiencing a lot of incoming spam, you may choose to set a spam filter tighter. With the tighter setting, the mails will get into the spam folder. Note that if you set the filter too tight, valid mails may also end up in the spam folder. There is also an option to purchase SpamExperts. This is a paid service that is very good at intercepting spam e-mails.

Back to email

Related articles