Suped

What to do if spam emails use my company's email and unsubscribe link?

13 Marketer opinions3 Expert opinions4 Technical articles1 Resource

Summary

When spam emails are using your company's email address and unsubscribe link, the key is a multi-faceted approach involving technical remediation, damage control, and proactive monitoring. Implement and rigorously monitor email authentication protocols such as SPF, DKIM, and DMARC to prevent spoofing. Use tools like Google Postmaster Tools to track domain reputation and spam rates. Ensure your email server and website are secure to prevent unauthorized access and code injection. Manage incoming inquiries by filtering and addressing replies to forged emails. Communicate with affected customers, educating them about phishing and providing guidance. Work with your ESP to potentially disable compromised unsubscribe links. Remember that a compromised sender's platform may be a risk, and strong incident response procedures are crucial to a prompt resolution.

Key findings

  • Email Authentication is Critical: Implementing SPF, DKIM, and especially DMARC with a 'reject' policy, is crucial to prevent spammers from forging messages and to instruct recipient mail servers on how to handle unauthorized use of your domain.
  • Domain Reputation Requires Constant Monitoring: Regularly monitoring your domain reputation using tools like Google Postmaster Tools and checking blacklists helps identify potential issues early.
  • Incident Response and Damage Control are Necessary: Effective damage control involves fixing the vulnerability that allowed the spoofing, warning users about the problem, creating filters to manage incoming spam-related inquiries, and replacing the compromised unsubscribe link with a warning notice.
  • Security and Abuse Reporting are Essential: Ensuring your email server and website are secure, preventing unauthorized access and code injection, and reporting instances of spoofing to anti-phishing organizations are vital steps.

Key considerations

  • ESP Collaboration is Important: Reaching out to your ESP, as unsubscribe links are often unique, and they may be able to disable the compromised link, is a valuable action.
  • Customer Education Should Not Be Overlooked: Educating your customers about phishing attempts and how to identify suspicious emails helps prevent them from falling victim.
  • Reply-To Validation is Often Missing: Recognize that many ESPs do not validate Reply-To addresses, so be proactive in monitoring and securing your email channels.
  • Compromised Platforms Must Be Addressed: Assess the possibility that your sender's platform may be compromised, potentially leading to your address being used as a default value.

What email marketers say
13Marketer opinions

If spam emails are using your company's email address and unsubscribe link, the primary steps to take involve technical remediation and damage control. Technical steps focus on implementing and monitoring email authentication protocols (SPF, DKIM, DMARC) to prevent spoofing and protect your domain reputation. Domain reputation should be monitored through tools such as Google Postmaster Tools. Security measures should be applied to prevent unauthorized access to your email server and website. Affected customers/users should be educated and steps taken to report spam to anti-phishing organizations and ISPs. Although there may not be immediate impact on deliverability, action should be taken to deal with the issue.

Key opinions

  • Email Authentication: Implementing SPF, DKIM, and DMARC is crucial to prevent spoofing and protect your domain.
  • Domain Reputation Monitoring: Regularly monitor your domain reputation using tools like Google Postmaster Tools to track spam rates and identify potential issues.
  • Reporting Abuse: Report instances of spoofing to anti-phishing organizations and relevant authorities to help combat spam.
  • ESP Involvement: Contact your ESP, as unsubscribe links are often unique, and they may be able to disable compromised links.

Key considerations

  • Compromised Platforms: Assess the possibility that your sender's platform may be compromised, potentially leading to your address being used as a default value.
  • Customer Education: Educate your customers about phishing attempts and how to identify suspicious emails to prevent them from falling victim.
  • Incident Response: Develop and implement incident response process to deal with situations that occur and manage damage control, ensuring prompt action against abuse.
  • Domain Security: Enhance the security of your email server and website to prevent unauthorized access and code injection which could be exploited by spammers.
Marketer view

Marketer from Email Geeks suggests one slight concern is that the sender's platform has been compromised and their address is simply a default value.

April 2022 - Email Geeks
Marketer view

Email marketer from Mailjet Blog shares to implement email authentication protocols like SPF, DKIM, and DMARC to prevent spoofing. Also, monitor your domain reputation using tools like Google Postmaster Tools and consider contacting the recipient's email provider.

May 2022 - Mailjet Blog
Marketer view

Marketer from Email Geeks shares not to be too worried about deliverability impact because the user didn't originate these messages and that many ESPs do not validate Reply-To addresses. Also, the original messages may not have been relayed through an ESP in the first place.

June 2021 - Email Geeks
Marketer view

Email marketer from Spamhaus shares to implement email authentication methods like SPF, DKIM and DMARC and keep systems patched and up to date to prevent abuse.

November 2021 - Spamhaus
Marketer view

Email marketer from EasyDMARC responds to deploy DMARC with a 'reject' policy to prevent unauthorized use of your domain, and to actively monitor DMARC reports.

July 2024 - EasyDMARC
Marketer view

Email marketer from Quora user Robert Graham shares implement SPF, DKIM, and DMARC. DMARC is important because it tells the world (gmail.com, yahoo.com, etc.) to reject unauthorized use of the domain.

September 2023 - Quora
Marketer view

Email marketer from Reddit user u/reputationdefender shares monitoring domain reputation by checking blacklists, using tools like Google Postmaster Tools, and ensuring your email practices are compliant with email regulations.

February 2025 - Reddit
Marketer view

Email marketer from StackExchange user John Smith responds to analyze the email headers to identify the originating IP address and mail servers. Use this information to report the abuse to the appropriate authorities.

February 2025 - StackExchange
Marketer view

Email marketer from Proofpoint suggests that to prevent email spoofing, organizations must implement strong email authentication protocols and also educate their employees so that they are better equipped to spot and report suspicious emails.

May 2021 - Proofpoint
Marketer view

Email marketer from SendPulse Blog responds to implement SPF, DKIM, and DMARC records, educate customers about phishing, monitor email deliverability, and report spoofing to anti-phishing organizations.

May 2021 - SendPulse Blog
Marketer view

Email marketer from MXToolbox explains to ensure your email server and website are secure to prevent unauthorized access and code injection and also to report any instances of spoofing to organizations like the Anti-Phishing Working Group (APWG).

October 2024 - MXToolbox
Marketer view

Marketer from Email Geeks mentions that ESP unsubscribe links are typically unique to each recipient and suggests reaching out to the ESP to see what they think and if they may be able to disable the unsubscribe link.

September 2021 - Email Geeks
Marketer view

Email marketer from EmailOctopus Blog explains that monitoring your domain reputation is important and tools like Google Postmaster Tools can help track spam rates and domain reputation.

May 2021 - EmailOctopus Blog

What the experts say
3Expert opinions

If spam emails are using your company's email and unsubscribe link, experts recommend focusing on minimizing damage and correcting the underlying issues. This includes replacing the stolen unsubscribe link with a notice about the phishing attempt, addressing the vulnerability that allowed the spammer to use your email, and proactively managing replies to forged emails by filtering and responding appropriately.

Key opinions

  • Link Replacement: Replace the compromised unsubscribe link with a warning notice about the phishing attempt and its ineffectiveness.
  • Problem Resolution: Fix the underlying security issue that enabled the spammer to use your email address in the first place.
  • Reply Management: Filter and address replies to forged spam to manage the influx of inquiries and inform affected recipients.

Key considerations

  • Reputation Impact: If only the unsubscribe link is affected, overall email reputation might not be severely impacted, but action is still necessary.
  • User Communication: Warn your users about the spam and the potential risks, and provide guidance on identifying and reporting such incidents.
  • Email Filtering: Implement email filters to automatically separate and manage the expected increase in spam-related inquiries.
Expert view

Expert from Spamresource.com answers that replies to forged spam should be handled by filtering the messages into a separate folder, so legitimate emails aren't lost. Then, respond to those asking for an explanation of why they are getting spam from the user and inform them of the situation.

December 2021 - Spamresource.com
Expert view

Expert from Spamresource.com explains that damage control involves fixing the problem that allowed the spammer to use your address, warning users about the problem and creating a filter to trash future spam.

October 2022 - Spamresource.com
Expert view

Expert from Email Geeks shares if it’s just the users link it shouldn’t affect their overall reputation. Suggests, replacing the link content with a notice that this is a phish and the unsubscribe link was stolen and won’t work for the mail they think it will is a good idea.

February 2022 - Email Geeks

What the documentation says
4Technical articles

If spam emails are using your company's email address and unsubscribe link, technical documentation emphasizes implementing robust email authentication protocols to prevent spoofing and phishing. These protocols include SPF, DKIM, and DMARC. Additionally, it's recommended to utilize security services like Exchange Online Protection (EOP) and Defender for Office 365, configure anti-phishing policies, and monitor DMARC reports to identify and address spoofing attempts.

Key findings

  • Email Authentication: SPF, DKIM, and DMARC are crucial for verifying the authenticity of emails and preventing spammers from forging messages.
  • Security Services: Utilize email security services like Exchange Online Protection (EOP) and Defender for Office 365 for enhanced protection against phishing.
  • DMARC Monitoring: Monitor DMARC reports to identify and address spoofing attempts, enabling you to take corrective actions.

Key considerations

  • BIMI Implementation: Consider implementing BIMI to add your brand logo to authenticated messages, increasing trust and visibility.
  • Anti-Phishing Policies: Configure anti-phishing policies, Safe Links, and Safe Attachments to protect users from malicious content.
  • DNS Record Publication: Publish DMARC records in your DNS to instruct recipient mail servers on handling emails that fail SPF and DKIM checks.
  • Email Routing: Proper email routing is important to increase trust in sent mail, protect against phishing attacks, and prevent email spoofing.
Technical article

Documentation from Microsoft Support shares to use Exchange Online Protection (EOP) and Defender for Office 365 to help protect against phishing attacks. Configure anti-phishing policies, Safe Links, and Safe Attachments.

September 2024 - Microsoft Support
Technical article

Documentation from Cloudflare states to use technologies and services like SPF, DKIM, DMARC, and email routing to increase trust in sent mail, protect against phishing attacks, and prevent email spoofing.

December 2024 - Cloudflare
Technical article

Documentation from DMARC.org answers implementing DMARC involves publishing a DMARC record in your DNS, which tells recipient mail servers how to handle emails that fail SPF and DKIM checks. Monitor DMARC reports to identify and address spoofing attempts.

July 2024 - DMARC.org
Technical article

Documentation from Google Workspace Admin Help explains to set up SPF, DKIM, and DMARC to help prevent spammers from forging messages that appear to come from your domain. Also, use BIMI to add your brand logo to authenticated messages.

September 2021 - Google Workspace Admin Help

Related resources
1Resource

How to Deal When Unsubscribe Doesn't Work - Ask Leo!
How to Deal When Unsubscribe Doesn't Work - Ask Leo!

When a legitimate email sender doesn't respond to an unsubscribe request, they're no longer legitimate. Here's what to do.

Ask Leo!

Related questions