What can I do to stop spammers using my company name in the email 'from' field?

Summary

Combating spammers using your company name in the email 'from' field involves a multi-layered approach. While complete prevention may be impossible, implementing strong email authentication (SPF, DKIM, DMARC) is crucial, especially with a 'reject' DMARC policy for owned domains. Monitoring brand mentions online, registering domain variations, and educating customers are vital. Investigating affiliate programs and analyzing spam email links can help identify the source. Emerging standards like BIMI can visually authenticate emails. Analyzing headers may reveal the spam's origin, but legal action's feasibility should be considered. Although your sender reputation might not be directly harmed, customer support workload and brand confusion are important concerns. Regularly auditing infrastructure and contacting your email provider are also recommended.

Key findings

  • SPF, DKIM, DMARC are Key: SPF, DKIM, and DMARC are essential email authentication methods to prevent domain spoofing.
  • Limited Prevention Possibility: Completely stopping spammers from using your company name might not be fully achievable.
  • Need for Proactive Monitoring: Proactive monitoring of online mentions and domain usage is necessary to detect unauthorized use.
  • Customer Education Is Important: Educating customers on how to verify legitimate emails is vital to prevent scam victimization.
  • Implementation of BIMI: Implementing BIMI is another way to authenticate emails with a brand's logo.

Key considerations

  • DMARC enforcement: Implement DMARC with a strict policy to quarantine or reject unauthenticated emails.
  • Affiliate Investigation: Consider investigating any possible affiliate scams.
  • Infrastructure audits: Perform audits of the email system to discover security issues.
  • Consider legal action: Weigh the costs and benefits of legal action.
  • Implement other security measures: Implement additional security measures to protect against phishing attacks.

What email marketers say
9 marketer opinions

To combat spammers using your company name in the email 'from' field, a multi-faceted approach is necessary. Implementing strong email authentication (SPF, DKIM, DMARC) is crucial, with DMARC allowing specification of actions against unauthenticated emails. Proactive measures include monitoring brand mentions online, registering domain variations, auditing email infrastructure, and educating customers about potential scams. Investigating suspicious affiliate activity and leveraging emerging standards like BIMI for brand identification are also recommended.

Key opinions

  • Email Authentication: SPF, DKIM, and DMARC are essential for verifying email sender identity and preventing spoofing.
  • Brand Monitoring: Regularly monitor online mentions and domain usage to detect unauthorized use of your brand.
  • Customer Education: Inform customers about potential email scams and how to verify legitimate emails from your company.
  • Affiliate Investigation: Examine affiliate activities for potential fraud or misuse of your brand and templates.
  • Emerging Standards: BIMI can visually identify genuine emails from your organization in supporting inboxes.

Key considerations

  • DMARC Enforcement: Implement DMARC with a policy to reject or quarantine unauthenticated emails using your domain.
  • Infrastructure Audits: Regularly audit email infrastructure and security protocols to identify and address vulnerabilities.
  • Domain Reputation: Monitor domain reputation to ensure it is not on any blocklists and maintain a positive sender reputation.
  • Legal Action: Gather evidence and consider contacting authorities or ISPs if you discover significant misuse of your brand.
  • Domain Variations: Register common misspellings or variations of your domain name to prevent typosquatting and phishing attacks.
Marketer view

Email marketer from Mailjet recommends implementing strong authentication methods (SPF, DKIM, DMARC) and closely monitoring your domain reputation. If you discover misuse, contact the relevant authorities (e.g., abuse departments of ISPs) with evidence.

October 2022 - Mailjet
Marketer view

Expert from Email Geeks also suggests that examining the links may tell you who is profiting, and recommends doing some research on your own affiliate reporting to find the source.

April 2023 - Email Geeks
Marketer view

Email marketer from Email Marketing Forum recommends that you educate your customers about the potential for email scams and provide clear information on how to verify the legitimacy of emails they receive from your company.

February 2025 - Email Marketing Forum
Marketer view

Email marketer from Spamhaus says to regularly audit your email infrastructure and security protocols, ensuring that any vulnerabilities that could be exploited by spammers are promptly addressed.

May 2024 - Spamhaus
Marketer view

Expert from Email Geeks recommends enabling DMARC with an enforcing policy to help mitigate spoofing that does involve your domains, also putting it on parked/unused domains.

October 2023 - Email Geeks
Marketer view

Email marketer from Cloudflare states using strong email authentication standards (SPF, DKIM and DMARC) is critical for domain protection and building sender reputation. Also look into BIMI.

April 2021 - Cloudflare
Marketer view

Email marketer from Reddit suggests contacting your email provider to see if they can implement any additional filtering rules based on the content or patterns of the spam emails using your name. Also suggests notifying your customers directly.

February 2022 - Reddit
Marketer view

Email marketer from Neil Patel advises monitoring online mentions of your brand, setting up Google Alerts, registering variations of your domain name, and using social media monitoring tools to catch instances where your brand name is being misused in email.

September 2023 - Neil Patel
Marketer view

Email marketer from SendGrid says that using SPF, DKIM, and DMARC is the key to preventing domain spoofing, and that you should monitor your domain to make sure you are not on any blocklists.

January 2022 - SendGrid

What the experts say
9 expert opinions

Combating spammers using your company name in the 'from' field is challenging but not entirely without recourse. While completely stopping it might be impossible, implementing strong email authentication (SPF, DKIM, DMARC), particularly DMARC with a reject policy, is crucial for domains you control. Analyzing email headers can sometimes reveal the spam's origin (e.g., compromised accounts, Romanian hotel network), but legal action may not be practical. Suspicion should be directed toward affiliate partners if relevant, and links in spam emails should be analyzed to track the money trail. Brand Indicators for Message Identification (BIMI) can help visually authenticate your emails. Ultimately, while your sender reputation may not be directly damaged, customer support burden and potential brand confusion are key concerns.

Key opinions

  • Limited Prevention: Completely stopping spammers from using your company name in the 'from' field may be impossible.
  • Email Authentication Importance: SPF, DKIM, and DMARC are crucial for controlling domains and specifying actions against unauthenticated emails.
  • Affiliate Suspicion: Be suspicious of affiliate partners and shut down links/payments if affiliate links are present in spam.
  • Header Analysis: Analyzing email headers can help identify the spam's origin, potentially revealing compromised accounts or networks.
  • BIMI Authentication: BIMI helps visually authenticate emails with your logo, increasing recipient trust.

Key considerations

  • DMARC Policy: Implement a strict DMARC policy (reject) for domains you control to prevent spoofing.
  • Legal Feasibility: Consider the practicality of legal action, as it might be costly and time-consuming.
  • Link Tracking: Analyze links in spam emails to identify the source of the spam and the beneficiary of the scam.
  • Sender Reputation: While your sender reputation might not be directly damaged, be aware of potential customer support burden and brand confusion.
  • Compromised Accounts: Be vigilant for signs of compromised accounts and take appropriate security measures.
Expert view

Expert from Email Geeks says that based on the headers, the spam is coming from a Romanian hotel chain's IP network, and might be from a compromised account.

April 2021 - Email Geeks
Expert view

Expert from Email Geeks explains that stopping emails using your company name but not your domain is likely impossible and depends on details not shared yet. Phishing emails for customer credentials require different mitigation strategies than random spam.

April 2023 - Email Geeks
Expert view

Expert from Word to the Wise explains you can use a Brand Indicators for Message Identification (BIMI) record, which is an emerging standard that allows you to display your brand logo in supporting inboxes, visually assuring recipients that the email is genuinely from your organization. This will also help prevent spoofing.

June 2021 - Word to the Wise
Expert view

Expert from Email Geeks advises looking at the links in the spam email, especially the CTA. If it's going to affiliate links, that's where to follow the money. If they've been replaced with links to somewhere else, then it's just that a spammer has replaced the payload with their own and is sending them out.

April 2021 - Email Geeks
Expert view

Expert from Email Geeks says, after doing some research on the email, that the scammer may be running a scam that's not really related to you; rather, they're using your name, and maybe your template, to give their scam plausibility. Also says they doubt that it'll be impacting your email deliverability, or reputation with actual customers, but is probably causing you customer support overhead and heartburn.

September 2023 - Email Geeks
Expert view

Expert from Email Geeks says that since the spam is not authenticated and not coming from your IPs it is not damaging your sender reputation.

July 2021 - Email Geeks
Expert view

Expert from Email Geeks says to be suspicious of the affiliate partner and shut down links and payments if there are affiliate links in the spam message.

July 2024 - Email Geeks
Expert view

Expert from Email Geeks explains that there is enough data to identify the sender, but unless you want to send lawyers after them it's not that useful.

August 2022 - Email Geeks
Expert view

Expert from Spam Resource explains that implementing SPF, DKIM, and DMARC is crucial. DMARC, in particular, allows you to specify what should happen to emails that fail authentication checks, including rejecting them, which can prevent spammers from using your domain.

February 2024 - Spam Resource
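
The header analysis and the domain-versus-name distinction the experts describe above, as an added example (not code from any of the quoted sources). It reads a message's `From`, `Authentication-Results` and `Received` headers and reports whether your domain was spoofed or only your brand name was used; the sample message, hosts, IPs and the `triage` helper are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample; all hosts, IPs and domains are placeholders.
TEMPLATE = """\
Received: from mx.rcpt.example ([10.0.0.5]) by store.rcpt.example; Mon, 5 Apr 2021 10:00:03 +0000
Received: from mail.hotel.example ([203.0.113.55]) by mx.rcpt.example; Mon, 5 Apr 2021 10:00:01 +0000
Authentication-Results: mx.rcpt.example; spf=pass smtp.mailfrom=hotel.example;
 dkim=none; dmarc={dmarc} header.from={domain}
From: "Brand Support" <support@{domain}>
Subject: Your account

Please confirm your details.
"""

def triage(raw, brand, our_domains):
    """Classify a reported message and find the IP that handed it to the receiver."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Verdicts recorded by the receiving MX (trust only your own receiver's header).
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                           msg.get("Authentication-Results", "")))
    # Received headers are newest-first; the first non-internal peer IP is the
    # host that delivered the message to the receiving infrastructure.
    origin = None
    for hop in msg.get_all("Received", []):
        m = re.search(r"\[([0-9a-fA-F.:]+)\]", hop)
        if m and not any(ip_address(m.group(1)) in net for net in INTERNAL):
            origin = m.group(1)
            break
    if domain in our_domains:
        kind = "authenticated" if auth.get("dmarc") == "pass" else "domain-spoof"
    elif brand.lower() in name.lower():
        kind = "display-name-only"  # your DMARC record does not cover this domain
    else:
        kind = "unrelated"
    return {"kind": kind, "origin_ip": origin, "auth": auth}

if __name__ == "__main__":
    print(triage(TEMPLATE.format(dmarc="fail", domain="brand.example"),
                 "Brand", {"brand.example"}))
```

A `domain-spoof` result is the case an enforcing DMARC policy addresses; `display-name-only` is the case that calls for customer education and takedown reports instead.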

What the documentation says
3 technical articles

Technical documentation from Google Workspace, Microsoft Learn, and DMARC.org consistently emphasizes the importance of using SPF, DKIM, and DMARC records to combat email spoofing. These authentication methods prevent spammers from forging the 'From' address, hindering their ability to use your domain or company name in unauthorized emails. Implementing a DMARC policy and monitoring related reports are crucial for identifying and addressing instances of domain misuse.

Key findings

  • SPF, DKIM, DMARC Authentication: SPF, DKIM, and DMARC are fundamental email authentication methods for preventing spoofing.
  • Prevents Forged 'From' Addresses: These methods make it harder for spammers to use your domain or company name in unauthorized emails.
  • DMARC Policy Implementation: Implementing a DMARC policy is essential for specifying how to handle unauthenticated emails.
  • DMARC Report Monitoring: Monitoring DMARC reports helps identify and address instances of domain misuse.
  • Anti-Spoofing Protection: Anti-spoofing protection in Microsoft 365 relies heavily on SPF, DKIM, and DMARC configuration.

Key considerations

  • Correct Configuration: Ensure SPF, DKIM, and DMARC records are correctly configured for your domain.
  • Regular Monitoring: Regularly monitor DMARC reports to identify and address any issues promptly.
  • Policy Enforcement: Consider implementing a stricter DMARC policy (e.g., quarantine or reject) after monitoring and validating the impact.
  • Holistic Approach: These methods primarily protect your own domain; additional measures might be needed to address broader spam issues.
  • Platform Specifics: Configuration steps and options may vary slightly depending on your email platform (e.g., Google Workspace, Microsoft 365).
Technical article

Documentation from Google Workspace Admin Help shares that you can use SPF, DKIM, and DMARC records to prevent spammers from forging the 'From' address in emails, making it harder for them to use your domain name.

December 2022 - Google Workspace Admin Help
Technical article

Documentation from DMARC.org explains that implementing a DMARC policy and monitoring DMARC reports allows you to identify and address instances where your domain is being used to send unauthorized emails, including those using your company name.

August 2021 - DMARC.org
Technical article

Documentation from Microsoft Learn explains how enabling anti-spoofing protection in Microsoft 365, including configuring SPF, DKIM, and DMARC, can help to prevent attackers from impersonating your organization's domain.

December 2021 - Microsoft Learn