The nature of e-mail permits anyone to generate an e-mail message that has your "From" address in it.  In other words, it's difficult to certify that the sender of an e-mail message as it appears in the mail headers is actually the person who wrote the message, although new methods are gaining wider adoption, such as the SPF standard

Spammers will often use legitimate e-mail addresses in their outgoing mail, either to lend credibility to the message, to avoid dealing with any "bounce" messages that might result, or both.  Some viruses will even use the address of the infected user in generating copies of itself to send to other accounts.

Aside from the identity verification issues, which can be solved by using more secure forms of communication such as encrypted e-mail, there is not much you can do to prevent someone from impersonating your address in junkmail messages.  

It's worth noting that it is possible that there is software on your website or on your local network that is allowing a malicious user to generate messages from you; you should make sure your network and desktop computing environment, and that any software you run on your website, does not allow this to happen.

Here are the answers to some of the more frequently asked questions we've received about how to combat this, from our customers:

I use a third party to send out emails for me, what can I do to ensure those messages are delivered as legitimate?
One option is to use an SPF document.

What is it?
The Sender Policy Framework (SPF) is a method of ensuring that mail sent on your behalf -- such as by marketing companies like Constant Contact, Salsa Commons, etc -- are approved by you. Without going into a lot of detailed techno-mumbo-jumbo (though we can, if you'd like the details!) it verifies that the email sender has permission to send email on your behalf.

Why do I need it?
When a email server receives an email that was sent on your behalf by a third-party, that server will display the third party in the FROM line of the email.  So, for example, if you were to have Salsa Commons send an email newsletter to your list of clients, those clients would see "Your Name via Salsa Labs" in the FROM line.

This could potentially confuse your clients, because they are seeing that a third party actually sent the email, supposedly on your behalf. With an SPF  document on your domain with Summersault, your client's email server will check to verify that the third party is allowed to send emails on your behalf, and will display your name properly on the FROM line. 

This reduces the potential for confusion, and also helps to reduce the amount of spam/forged emails that claim to be sent on your behalf (if the receiving server checks for the SPF document, and sees that the email isn't coming from an approved source, it is more likely to reject the email as spam).

What do I need to do?
Contact Summersault support, and let us know your need!  We'll work with you to implement an SPF for your domain name so that when you use a third party to send emails to your mailing lists, the email is verifiable as being sent from you.

Will SPF help prevent me from getting sunburned at the beach?
No, this SPF only helps reduce the amount of forged and scam emails boucing through the internet; but we think that's a pretty worthy cause!