能夠用自己的域名傳送電子郵件是非常好的，但是當有人開始用你的域名傳送垃圾郵件時，你會怎麼做呢？今天的超級使用者問答文章討論了這個問題，以幫助一個沮喪的讀者。

今天的問答環節是由SuperUser提供的，SuperUser是Stack Exchange的一個分支，是一個由社群驅動的問答網站分組。

照片由Maria Elena（Flickr）提供。

問題

超級使用者讀者Jake M想知道某人是如何使用個人域傳送電子郵件的：

Spammers or someone similar is sending e-mails to people using our domain name.

• The e-mails are from a user we did not create called: [email protected].
• The e-mail is to: [email protected].
• The content of the e-mail talks about a stock that is six cents but will go to fifteen cents and that people should buy it. It contains a link to Yahoo’s finance website, but I will not click it, so I am not sure if it is legitimate. We know of the e-mails because we get bounce-backs (the recipient must not exist).

What would allow someone (or a bot) to send an e-mail under our domain name? Is there anything we can do to stop this? Is this Dictionary Spamming?

有人是如何做到這一點的？有什麼辦法可以緩解這種情況嗎？

答案

超級使用者貢獻者Paul和AFH為我們提供了答案。首先，保羅：

The SMTP protocol does not include any controls over the From and To fields in an e-mail. They can be whatever you like provided you have authority to send e-mails using the SMTP server.

So the short answer is nothing prevents anyone from using your domain in e-mails they send. Even normal users can put whatever e-mail address they like in their e-mail settings.

Spammers routinely use valid domain names as From addresses to avoid being blocked.

While you cannot stop someone from sending e-mails with your domain name, you can help e-mail servers around the world understand if e-mails sent from your domain name actually originated from you and are legitimate e-mails, so that any others can be discarded as spam.

SPF

One way is to use SPF. This is a record that goes into DNS and lets the Internet know what servers are permitted to send e-mails on behalf of your domain. It looks like this:

• ourdomain.com.au.  IN TXT “v=spf1 mx ip4:123.123.123.123 -all”

This says that the only valid sources of e-mail for ourdomain.com.au are the MX servers – the server defined as the recipient of e-mails for the domain, and another server at 123.123.123.123. E-mail from any other server should be c***idered spam.

Most e-mail servers will check for the presence of this DNS record and act accordingly.

DKIM

While SPF is easy to set up, DKIM takes a little more effort and should be implemented by your e-mail server administrator. If you send your e-mail via an ISP e-mail server, they will often have methods for quick setup of DKIM.

DKIM works similarly to SSL certificates. A public/private key pair is generated. The private key is known only to the e-mail server, and it will sign any outgoing e-mails.

The public key is published using DNS. So any server receiving e-mails marked as coming from your domain can check that the e-mail was signed by retrieving the public key and checking the signature in the e-mails. If no signature is present, or it is incorrect, the e-mail can be c***idered spam.

接下來是AFH的回答：

An e-mail can contain any Reply-To address you choose. Some e-mail servers will send undeliverable notificati*** back to the Reply-To address rather than the originator. Online mail handlers like Gmail require you to validate any Reply-To address you use when composing online, but there is no such restriction when using a remote client with POP3/IMAP. And if you run your own e-mail server, you can probably also fake the From address.

有什麼要補充的解釋嗎？在評論中發出聲音。想從其他精通技術的Stack Exchange使用者那裡瞭解更多答案嗎？在這裡檢視完整的討論主題。