No rest for weary security manager

17.01.2006

Unwilling accomplice

The next step was to find out how my domain e-mail could be used by disreputable spammers. What was actually happening was that my domain e-mail was being spoofed. The CERT Coordination Center at Carnegie Mellon University has this to say about how this occurs: "E-mail spoofing may occur in different forms, but all have a similar result: A user receives e-mail that appears to have originated from one source when it actually was sent from another source. E-mail spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords)."

We've all seen e-mails claiming that we must change our eBay or PayPal account information. Most people now know better than to supply any confidential information via e-mail, and most spam filters now plunk these messages into a bulk or spam folder.

Is there any way to prevent spammers from using my domain name in the "Reply To" field? No. Here's why. The Simple Mail Transfer Protocol (SMTP) doesn't require any authentication, nor does it validate e-mail addresses; a mail server will accept and pass along a message as long as the addresses are in the right format. There are many things that site administrators can do to protect their mail servers, and some of that guidance is in the CERT document. However, in my situation, my domain hosting is outsourced to a company that hosts thousands of domains. I learned from my ISP that associating my e-mail address with the catch-all account made my domain a likely target for spammers, so I changed the settings to bounce messages not addressed to valid domain accounts I owned. The bounces would inform the victims that it was not my domain that was spamming them.
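To make the "no authentication, only syntax" point concrete, here is an added illustration that is not the column's own code: a toy inbound SMTP state machine driven by a constructed dialogue from a spammer. It shows that a forged MAIL FROM naming our own domain is accepted because nothing in the protocol ties the sender address to the connecting host, and it contrasts the two recipient policies the column discusses (catch-all versus rejecting unknown accounts). The domain "example.com", the account list and the session transcript are assumptions.

```python
import re

# Added illustration (not the column's own code): a minimal receiving-side
# SMTP state machine. MAIL FROM is checked for syntax only; the recipient
# policy shows catch-all vs. reject-unknown. Domain and accounts are assumed.

ADDR_RE = re.compile(r"^<([^<>@\s]+)@([^<>@\s]+)>$")

def parse_path(arg):
    """Return (local_part, domain) from 'FROM:<a@b>' / 'TO:<a@b>', or None."""
    _, _, path = arg.partition(":")
    m = ADDR_RE.match(path.strip())
    return (m.group(1), m.group(2).lower()) if m else None

class TinySMTP:
    """One inbound session. policy='catchall' accepts any recipient at our
    domain; policy='reject' answers 550 for unknown local parts, so the
    sending server, not ours, has to deal with the failure."""

    def __init__(self, domain, accounts, policy="reject"):
        self.domain = domain.lower()
        self.accounts = {a.lower() for a in accounts}
        self.policy = policy
        self.greeted = False
        self.mail_from = None
        self.rcpts = []

    def handle(self, line):
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.greeted = True
            return "250 %s" % self.domain
        if not self.greeted:
            return "503 send HELO/EHLO first"
        if verb == "MAIL":
            path = parse_path(arg)
            if path is None:
                return "501 syntax error in sender address"
            # No authentication and no ownership check: any well-formed
            # sender address is accepted, which is exactly how spoofing works.
            self.mail_from = "%s@%s" % path
            return "250 OK"
        if verb == "RCPT":
            if self.mail_from is None:
                return "503 need MAIL first"
            path = parse_path(arg)
            if path is None:
                return "501 syntax error in recipient address"
            local, dom = path
            if dom != self.domain:
                return "554 relay access denied"   # we are not an open relay
            if self.policy == "catchall" or local.lower() in self.accounts:
                self.rcpts.append("%s@%s" % (local, dom))
                return "250 OK"
            return "550 no such user here"
        if verb == "DATA":
            return "354 end data with <CR><LF>.<CR><LF>" if self.rcpts else "503 need RCPT first"
        if verb == "QUIT":
            return "221 bye"
        return "500 unrecognised command"

def run_session(policy, commands):
    """Drive one session against example.com and return the server replies."""
    server = TinySMTP("example.com", ["alice", "bob"], policy)
    return [server.handle(c) for c in commands]

SPOOFED_SESSION = [                    # constructed sample dialogue
    "EHLO mail.attacker.invalid",
    "MAIL FROM:<ceo@example.com>",     # forged: claims to be our own domain
    "RCPT TO:<alice@example.com>",
    "RCPT TO:<xyz123@example.com>",    # dictionary guess at a local part
    "RCPT TO:<victim@other.invalid>",  # attempt to relay outward
    "DATA",
]

if __name__ == "__main__":
    for policy in ("catchall", "reject"):
        print(policy)
        for cmd, reply in zip(SPOOFED_SESSION, run_session(policy, SPOOFED_SESSION)):
            print("  C: %s\n  S: %s" % (cmd, reply))
```

Under the catch-all policy the guessed address xyz123 is accepted, which is what makes a catch-all domain attractive to spammers; under the reject policy it gets a 550 during the SMTP conversation itself, so no separate bounce message is generated and the forged sender address never receives backscatter from our server. The relay check shows the other thing every administrator must get right: mail for foreign domains is refused regardless of policy.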

The last question I needed answered was whether my domain was now blacklisted because it had been used for spamming. I tried several Web sites to determine whether my domain had been blacklisted (I did a Google search on "domain blacklist"). All was well. Fortunately for people who have outsourced their domain and e-mail services, the hosting provider is generally diligent about making sure the IP address of its mail server isn't blacklisted, since a listing would affect thousands of customers at once. The result of being blacklisted is that e-mail sent from your domain is tagged by receiving e-mail servers or spam gateways as unwanted and generally gets dumped into the bit bucket instead of being delivered to your intended recipient. Basically, e-mail from your domain is blocked all over the Internet. This can be quite serious for a government entity or company.
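The blacklist check can be done mechanically rather than through a Web form, because these lists are published over DNS. The following added example (not the column's own code) shows how a DNS-based blacklist query is formed for a mail-server IP address and for a domain name, and how the answer is interpreted. The resolver is a stub fed with constructed answers so the block runs offline; the zone names are the public Spamhaus ones (zen.spamhaus.org for IP addresses, dbl.spamhaus.org for domains), and the addresses and domains queried are assumptions.

```python
import ipaddress

# Added illustration (not the column's own code) of a DNSBL lookup. The
# resolver below is a stub with constructed answers so this runs offline.

def ip_query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the list zone,
    e.g. 192.0.2.25 in zen.spamhaus.org -> 25.2.0.192.zen.spamhaus.org."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("IPv4 only in this example")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def domain_query_name(domain, zone):
    """Domain lists (DBL-style) are queried by the bare, lower-cased name."""
    return domain.strip().rstrip(".").lower() + "." + zone

def check_listing(query_name, resolve):
    """resolve(name) -> list of A records, [] for NXDOMAIN.
    Returns 'listed', 'clean' or 'error'. A DNSBL signals a listing with an
    address in 127.0.0.0/8. Spamhaus answers from 127.255.255.0/24 when the
    query itself was refused (open resolver, rate limit), which must not be
    read as 'listed'."""
    answers = resolve(query_name)
    if not answers:
        return "clean"
    codes = [ipaddress.ip_address(a) for a in answers]
    if any(c in ipaddress.ip_network("127.255.255.0/24") for c in codes):
        return "error"
    if any(c in ipaddress.ip_network("127.0.0.0/8") for c in codes):
        return "listed"
    # A public address in the answer usually means a wildcarded or parked
    # zone: the list is dead and every query would look "listed".
    return "error"

# Constructed answers standing in for real DNS; real code would pass the
# same names to socket.gethostbyname_ex() or a DNS library.
FAKE_DNS = {
    "25.2.0.192.zen.spamhaus.org": ["127.0.0.2"],         # IP is listed
    "example.com.dbl.spamhaus.org": [],                   # NXDOMAIN: clean
    "spammy.invalid.dbl.spamhaus.org": ["127.0.1.2"],     # domain is listed
    "10.113.0.203.zen.spamhaus.org": ["127.255.255.254"], # query refused
}

def fake_resolve(name):
    return FAKE_DNS.get(name, [])

def audit(domain, mail_server_ip, resolve=fake_resolve):
    """The two checks the column describes: the domain itself, and the
    outsourced host's mail-server IP that thousands of customers share."""
    return {
        "domain": check_listing(domain_query_name(domain, "dbl.spamhaus.org"), resolve),
        "mail_server_ip": check_listing(ip_query_name(mail_server_ip, "zen.spamhaus.org"), resolve),
    }

if __name__ == "__main__":
    print(audit("example.com", "192.0.2.25"))
```

Two points matter in practice. First, the domain and the sending IP address are separate listings: a clean domain can still be undeliverable if the shared mail server it rides on is listed, which is why the hosting provider's diligence on the IP side matters so much. Second, an answer is only meaningful when it falls in 127.0.0.0/8; a refusal code or a public address means the check did not happen, and a script that treats any answer as "listed" will raise false alarms.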