Dear CAUCE Team,

We are looking for support resources to thwart a massive spam/forgery
attack that misuses our company name — claiming we are the spam
source. The spam contains url links to numerous computers that
apparently download viruses. We are looking for assistance and
guidance in dealing with this. Any suggestions?


Dear Forged,

We have a lot of sympathy for your predicament. Internet e-mail has
no built-in security, and there is little one can do to prevent bad
guys from putting fake names on their junk. We have seen a large
number of spam with faked return addresses from your competitors as
well as from your brand. There are several things we can recomend to
potentially help with your email program, and protect users from
receiving email with your forged from addresses (note:
this will not completely remove this threat, but can help protect your

  • Only send email from well branded mail servers (i.e. and not generic This
    will help ISPs distinguish between your mail and a fake mail server.
  • Implement, or fix, one or more of these popular authentication
    solutions; SPF, Sender ID, DKIM, and BATV.
  • Send email from your own domain, do not use the senders email
    address – authentication solutions will generally cause these messages
    to fail.
  • Let your users know of these changes and your policies regarding
    the structure of your emails
  • Provide instructions on your web pages with information similar to this:
    • "We only send email with fully qualified domain names
      ( and never with an IP address in the URLs
      ( – if you receive and email with IPs in the body – DO
    • "We in no way endorse the sending of spam and have taken the
      following actions to protect our users: SPF,Sender ID, etc…)

Do you have a question you would like answered? Email them to