Suped

What can I do if my email address is being used for phishing emails?

10 Marketer opinions7 Expert opinions4 Technical articles0 Resources

Summary

When your email address is used for phishing, the first step is to determine if the address is being spoofed or if your account has been compromised. If it's spoofed, implement DMARC, DKIM, and SPF to protect your domain and monitor its reputation. Educate your customers about identifying phishing attempts and report incidents to organizations like the FTC and Google Safe Browsing. Analyzing email headers can also identify the origin of the phishing emails. If the account is compromised, immediately change passwords, enable two-factor authentication, check for unusual activity, and scan for malware. Monitor for phishing campaign trends and check if your domain has been blacklisted, taking steps to be removed if necessary. Using tools like Exchange Online Protection (EOP) and monitoring your IP via Spamhaus can also aid in prevention and detection.

Key findings

  • Spoofing vs. Compromised: Distinguish between email address spoofing and a compromised account, as each requires different responses.
  • Implement Authentication: Implement DMARC, DKIM, and SPF to prevent domain spoofing. Monitor DMARC reports for insights into email sources.
  • Education: Educate customers to recognize phishing attempts related to your brand.
  • Report Phishing: Report phishing incidents to organizations like the FTC and Google Safe Browsing.
  • Compromised Account Security: Secure a compromised account by changing passwords, enabling two-factor authentication, checking activity, and scanning for malware.
  • Monitoring: Monitor domain reputation, phishing campaign trends, and blacklists for signs of abuse.

Key considerations

  • Header Analysis: Analyze email headers to identify the origin of phishing attempts.
  • Proactive Communication: Communicate with contacts about phishing schemes using your brand.
  • EOP/Defender: Consider using Exchange Online Protection and Office 365 Defender.
  • Spamhaus Monitoring: Monitor your IP via Spamhaus to identify if you are on a Blocklist.
  • Baseline DMARC: Establish a DMARC baseline before analyzing reports.

What email marketers say
10Marketer opinions

If your email address is being used for phishing, several steps can be taken to mitigate the issue. First, determine if the address is being spoofed or if your account has been compromised. For spoofing, implement DMARC, SPF, and DKIM to protect your domain and monitor your domain's reputation for unauthorized use. Educate customers about identifying phishing attempts and report incidents to relevant organizations such as the FTC and Google Safe Browsing. If the account is compromised, change passwords, enable two-factor authentication, check for unusual activity, and scan for malware. Additionally, identify the source of phishing emails from the full headers and approach the email provider. Finally, take steps to get removed from any blacklists and monitor your IP to confirm if it has been added to the Blocklist.

Key opinions

  • Spoofed vs. Compromised: Differentiate between spoofing (forged address) and a compromised account (unauthorized access) as the response differs.
  • Implement DMARC: Set up DMARC, SPF, and DKIM to protect your domain from being spoofed and monitor email source reports, even at p=none.
  • Customer Education: Inform customers how to identify phishing attempts using your domain and encourage them to be suspicious of unexpected emails.
  • Reporting: Report phishing incidents to the FTC, Google Safe Browsing, and the Anti-Phishing Working Group.
  • Compromised Account Actions: If your account is compromised, change passwords, enable two-factor authentication, check for unusual activity, and scan for malware.
  • Blacklist Check: Check if your domain is blacklisted and take steps to be removed.

Key considerations

  • Header Analysis: Examine full email headers to identify the origin of phishing emails and potentially contact the service provider.
  • Domain Reputation: Monitor your domain's reputation to detect unusual email activity and protect your brand's integrity.
  • Proactive Communication: Inform contacts about phishing schemes using your brand and what steps to take if they receive a suspicious email.
  • Spamhaus Monitoring: Monitor your IP using tools such as Spamhaus to see if your domain is being identified as a source of spam.
Marketer view

Email marketer from Mailjet shares that you should monitor your domain reputation, as this can alert you to unusual email activity. Mailjet also shares that it's important to educate your customers on how to identify phishing attempts that use your domain. Encourage them to be suspicious of unexpected emails.

May 2021 - Mailjet
Marketer view

Email marketer from SendPulse explains that educating recipients about potential phishing campaigns is essential. SendPulse says you should inform your contacts about phishing and spoofing schemes using your brand and what steps to take if they receive a suspicious email. Also implement SPF, DKIM and DMARC.

September 2021 - SendPulse
Marketer view

Email marketer from Reddit shares that if it is a hacked account you need to change your password immediately, enable two-factor authentication, check for unusual account activity, and scan your computer for malware.

November 2024 - Reddit
Marketer view

Email marketer from Email Marketing Forum shares that setting up a DMARC policy, even at p=none, allows you to start receiving reports about the sources using your domain. This provides visibility into potential abuse and enables you to adjust your authentication policies.

November 2021 - Email Marketing Forum
Marketer view

Email marketer from Reddit shares to report the phishing to the FTC, Google Safe Browsing, and the Anti-Phishing Working Group.

December 2023 - Reddit
Marketer view

Email marketer from KnowBe4 shares you should first understand whether your email address is being spoofed or if your account has been compromised. Spoofing means cybercriminals are forging your email address, whereas a compromised account means they've gained access to it.

October 2023 - KnowBe4
Marketer view

Email marketer from Email Geeks shares that if you can get your hands on the full headers of a message, you may be lucky and it will identify a legit provider that is being used (abused) to send the messages and that you could go bother them.

April 2022 - Email Geeks
Marketer view

Email marketer from Email Deliverability Forum suggests checking if your domain has been blacklisted and taking steps to get removed from any blacklists. This can help restore your domain's reputation and prevent legitimate emails from being blocked.

May 2021 - Email Deliverability Forum
Marketer view

Email marketer from Proofpoint advises monitoring your domain for unauthorized use. Proofpoint explains that you should implement DMARC to protect your domain from being spoofed. It also stresses the importance of proactive communication with customers, explaining how to recognize phishing emails.

October 2023 - Proofpoint
Marketer view

Email marketer from Spamhaus explains that spamhaus can assist in monitoring your IP to confirm if it has been added to the Blocklist which is a good indicator for spam like activity.

February 2024 - Spamhaus

What the experts say
7Expert opinions

If your email address is being used for phishing, it's important to first understand the scope and nature of the problem. In the short term, there may not be much you can do immediately. However, implementing DMARC is crucial for long-term prevention, even though it might require establishing a baseline of 'normal' background noise to accurately interpret the data. If the phishing targets your service, warning customers is advisable. Monitor for trends to detect phishing campaigns and alert the targeted parties. If your account has been compromised, immediate action is necessary to avoid downstream email issues.

Key opinions

  • Limited Short-Term Actions: In the immediate term, there may be limited options to stop phishing using your email address.
  • DMARC Implementation: DMARC is essential for long-term prevention of email spoofing and phishing.
  • Customer Warning: If the phishing targets your service, alert customers about ongoing phishing attempts.
  • Compromised Account Urgency: A compromised account requires immediate action to prevent further damage.

Key considerations

  • DMARC Baseline: Establish a baseline of normal DMARC background noise to accurately interpret the data and identify meaningful anomalies.
  • Phishing Trend Monitoring: Monitor for trends in phishing campaigns to better understand the scope and targets.
  • Random vs. Targeted: Determine if the phishing is random or specifically targeted to assess the severity and required response.
Expert view

Expert from Email Geeks explains that DMARC is worth doing, but without a baseline of “normal” DMARC background noise it may not be as easy to see whether it’s meaningful or not.

April 2023 - Email Geeks
Expert view

Expert from Email Geeks explains that in the short term there is not much you can do if your email address is being used in phishing emails. Longer term, DMARC is designed to discourage this.

July 2021 - Email Geeks
Expert view

Expert from Spamresource explains that if your domain is being abused, monitor for any trends to detect phishing campaigns, then send alerts to the parties being targeted to warn them.

July 2024 - Spamresource
Expert view

Expert from Email Geeks shares that implementing dmarc at a "p=none" will give you some insights into the scope/size of there are actual phishing campaigns underway targeting your brand

June 2022 - Email Geeks
Expert view

Expert from Email Geeks shares that if they are phishing your service then warning customers that there are phishing attempts going around may not be a bad idea.

August 2024 - Email Geeks
Expert view

Expert from Email Geeks explains that sometimes From: addresses are just pulled from spam lists at random and waiting and seeing what happens is the easiest way to tell if it’s one or the other (random or targeted).

June 2021 - Email Geeks
Expert view

Expert from Word to the Wise explains that if your account has been compromised, immediate steps are required, and it can cause downstream email issues if left unresolved.

April 2024 - Word to the Wise

What the documentation says
4Technical articles

If your email address is being used for phishing, several documentation sources recommend implementing email authentication protocols and reporting the abuse. Google advises reporting phishing attempts and setting up DMARC, DKIM, and SPF. Microsoft suggests using Exchange Online Protection and Office 365 Defender. DMARC.org details how DMARC works with SPF and DKIM to prevent spoofing and provide reporting. Cloudflare outlines how to set up SPF to authorize sending mail servers.

Key findings

  • Report Phishing: Reporting phishing attempts to Google helps improve their detection and prevention systems.
  • Implement DMARC, DKIM, SPF: Setting up DMARC, DKIM, and SPF is crucial for preventing email spoofing and unauthorized use of your domain.
  • Use EOP/Office 365 Defender: Microsoft recommends using Exchange Online Protection and Office 365 Defender for comprehensive anti-phishing.
  • SPF Authorization: Setting up SPF records authorizes legitimate mail servers to send emails on behalf of your domain.

Key considerations

  • Comprehensive Protection: Consider using a combination of tools like DMARC, DKIM, SPF, and Exchange Online Protection for comprehensive protection.
  • Reporting Insights: DMARC provides reporting mechanisms to gain insights into how your domain is being used, helping identify abuse.
  • Domain Authentication: Ensure proper setup of SPF records to authorize legitimate sending sources for your domain.
Technical article

Documentation from Microsoft recommends using Exchange Online Protection (EOP) and Office 365 Defender for comprehensive anti-phishing capabilities. EOP can analyze emails for forgery of sender addresses and use of domains that have been intentionally created for phishing.

May 2021 - Microsoft
Technical article

Documentation from DMARC.org outlines how DMARC allows domain owners to specify how email receivers should handle messages that fail authentication checks (SPF and DKIM). DMARC helps prevent attackers from spoofing your domain. It also provides reporting mechanisms to gain insights into how your domain is being used.

September 2022 - DMARC.org
Technical article

Documentation from Cloudflare explains how to set up SPF (Sender Policy Framework) to authorize sending mail servers, this prevents attackers from spoofing your domain. SPF records are DNS TXT records that list the IP addresses and domains authorized to send emails on behalf of your domain.

February 2025 - Cloudflare
Technical article

Documentation from Google Workspace Admin Help explains that you can report phishing attempts to Google. Reporting helps Google improve its phishing detection and prevention systems. Google also recommends setting up DMARC, DKIM, and SPF to prevent spoofing.

July 2022 - Google Workspace Admin Help

Related resources
0Resources

No related resources found.

Related questions