Matteo Cominetti is a design technologist focusing on BIM, VDC, parametric design and open standards.

Anti-Spoof on your Google Apps email

I recently started receiving some Delivery Status Notification or automatic response emails for messages I had never sent. Expanding the details, I noticed that they were all replies to emails sent from addresses like this: E7F35AED@mydomain.com (where mydomain.com is actually a domain of mine that I use under Google Apps). I was receiving them because I had set my own email myemail@mydomain.com as a catch-all address, so that all emails sent to nonexistent addresses @mydomain.com would be forwarded to my main email address.

So actually I was just a victim of spoofing, and I realized that only thanks to the catch-all address.

Googling around a bit, I found out that there are mainly 3 methods to prevent this phenomenon and add an authentication step to your sent emails:

  • SPF records
  • Authenticate email with DKIM
  • DMARC

I personally suggest that everybody with a Google Apps domain turn on the catch-all address and activate the first two methods; the third is quite sophisticated and might be needed only in some situations.
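To check which of the three methods a domain actually publishes, the sketch below audits its TXT records. It is an added example, not code from the original post: the records in `ZONE` are constructed samples, the `google` DKIM selector and `_spf.google.com` include are assumed to be the Google defaults, and no DNS lookup is performed.

```python
# Added example: constructed TXT records, no DNS lookups are performed.
ZONE = {
    "mydomain.com": ["google-site-verification=constructed",
                     "v=spf1 include:_spf.google.com ~all"],
    "google._domainkey.mydomain.com": ["v=DKIM1; k=rsa; p=MIGfCONSTRUCTEDKEY"],
    # no "_dmarc.mydomain.com" entry: DMARC has not been published
}

def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DKIM, DMARC) into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_spf(records):
    spf = [r for r in records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "missing"
    if len(spf) > 1:  # receivers treat duplicate SPF records as an error
        return "invalid: more than one SPF record"
    terms = spf[0].lower().split()[1:]
    all_term = next((t for t in terms if t.lstrip("+-~?") == "all"), None)
    if all_term is None:
        return "weak: no 'all' mechanism"
    qualifier = all_term[0] if all_term[0] in "-~?" else "+"
    return {"-": "ok: hardfail", "~": "ok: softfail",
            "?": "weak: neutral", "+": "weak: allows any sender"}[qualifier]

def audit_dkim(records):
    keys = [parse_tags(r) for r in records if "p=" in r]
    if not keys:
        return "missing"
    return "ok" if keys[0].get("p") else "revoked: empty public key"

def audit_dmarc(records):
    dmarc = [parse_tags(r) for r in records if r.upper().startswith("V=DMARC1")]
    if not dmarc:
        return "missing"
    policy = dmarc[0].get("p", "").lower()
    if policy in ("quarantine", "reject"):
        return "ok: p=" + policy
    return "weak: p=none (monitor only)" if policy == "none" else "invalid policy"

def audit(zone, domain, selector):
    return {"spf": audit_spf(zone.get(domain, [])),
            "dkim": audit_dkim(zone.get(f"{selector}._domainkey.{domain}", [])),
            "dmarc": audit_dmarc(zone.get(f"_dmarc.{domain}", []))}

if __name__ == "__main__":
    print(audit(ZONE, "mydomain.com", "google"))
```

To audit a live domain, fill `ZONE` with the TXT answers returned for the domain itself, `<selector>._domainkey.<domain>` and `_dmarc.<domain>`.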

Good luck, hope it works!
