Spam Bombing
Over the past 6 – 12 months, I have seen an increase in the instances of ‘spam bombing’.
Spam bombing is the practice where spammers find a valid domain name (sometimes through Google), generate random email addresses at that domain name and send out hundreds or thousands of spam emails that claim to be ‘from’ the addresses they have generated.
For example, say you have a domain name called ‘fredsbikes.com.au’. A spam bomber will then use software to randomly generate email addresses at ‘fredsbikes.com.au’ (e.g. admin@fredsbikes.com.au, sales@fredsbikes.com.au, info@fredsbikes.com.au, etc.).
How can you tell if you have had your domain name spam bombed?
This is simple: within a period of a few hours up to 24 hours, you will receive hundreds of emails saying that messages from your email accounts were undeliverable.
Why do spammers do this?
In the fight against spam, many mail servers now check incoming mail against the mail records of the remote server to ensure the email is coming from a valid email address. If it is, the server allows it through. By using the domain names of legitimate businesses, spammers ‘trick’ the mail servers, get past these checks and get the spam through.
The rejected email you receive is simply the spam that did not make it through because it was sent to invalid or full mailboxes. You receive it because the mail server sends it back to whoever it thinks is the originator.
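One way to confirm that a flood of undeliverable notices is spam bombing rather than your own mail failing is to read the sender address quoted inside each bounce and compare it with the mailboxes you really have. The Python below is an added example, not part of the original post; the list of real mailboxes, the host mx.example.net and the sample messages are constructed assumptions.

```python
import email
from collections import Counter
from email import policy
from email.utils import parseaddr

DOMAIN = "fredsbikes.com.au"        # example domain used in the article
REAL_MAILBOXES = {"sales", "info"}  # assumption: the only accounts that really exist

def is_bounce(msg):
    """True for a delivery status notification or any mail with a null return path."""
    dsn = (msg.get_content_type() == "multipart/report"
           and msg.get_param("report-type") == "delivery-status")
    return dsn or str(msg.get("Return-Path", "")).strip() == "<>"

def original_sender(msg):
    """From address of the returned message, read from the part that quotes it."""
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in ("message/rfc822", "text/rfc822-headers"):
            quoted = (part.get_payload(0) if ctype == "message/rfc822" else
                      email.message_from_string(part.get_content(), policy=policy.default))
            return parseaddr(str(quoted.get("From", "")))[1].lower()
    return ""

def triage(raw_messages):
    """Count bounces per quoted sender, split by whether that mailbox exists."""
    report = {"forged": Counter(), "real": Counter(), "not_bounce": 0}
    for raw in raw_messages:
        msg = email.message_from_string(raw, policy=policy.default)
        if not is_bounce(msg):
            report["not_bounce"] += 1
            continue
        local, _, domain = original_sender(msg).partition("@")
        if domain == DOMAIN:
            # A bounce for an address that was never created cannot be our own mail.
            report["real" if local in REAL_MAILBOXES else "forged"][local] += 1
    return report

# Constructed sample bounce (not a real message): a minimal DSN quoting forged headers.
BOUNCE = (
    "Return-Path: <>\nFrom: MAILER-DAEMON@mx.example.net\nTo: {addr}\n"
    'Content-Type: multipart/report; report-type=delivery-status; boundary="b"\n\n'
    "--b\nContent-Type: text/plain\n\nMailbox unavailable.\n"
    "--b\nContent-Type: message/delivery-status\n\nAction: failed\nStatus: 5.1.1\n\n"
    "--b\nContent-Type: text/rfc822-headers\n\nFrom: {addr}\nTo: someone@example.org\n--b--\n"
)
SAMPLES = [BOUNCE.format(addr=f"{s}@{DOMAIN}") for s in ("admin", "qx7r2", "qx7r2", "sales")]
SAMPLES.append("From: customer@example.org\nTo: sales@fredsbikes.com.au\n\nHello\n")
print(triage(SAMPLES))
```

A large ‘forged’ count spread over addresses that do not exist matches the pattern described above. A bounce counted under ‘real’ can still be forged, so check it against mail that account actually sent.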
How do I stop this?
Unfortunately, there is no way to stop spammers from doing this, as they are not actually sending email from your website or host. They are finding your domain name through public places and then sending the emails from their own servers or other servers they have access to.
You can, however, reduce the occurrence of spam bombing using your domain. The first thing to do is check if you have a ‘catch all’ email address. This is an email address that will catch any email sent to your domain.
You should instead set up individual email accounts for the actual addresses you use and then disable the catch all. Mail to invalid addresses will then be rejected, which can stop some of the spam from being accepted by remote mail servers.
The other thing you should do is never publish your email addresses on your website. Spammers use special programs to scan websites for advertised email addresses, both to send spam to and to use for spam bombing others. A contact form is a better option as it hides the email address that the enquiry is being sent to.
