Email: I am getting emails that are sent to or from non-existent email addresses for my domain

Note: This applies if you have email forwarding with a catch-all set up.

Spammers and scammers are constantly operating to do whatever they can for whatever purposes they have. One scenario that can be run into when you have email forwarding with a catch-all set up, is that you may receive spam / scam emails that are sent to non-existent or made up email address for your domain (example: randomthing@yourdomain.com). This may be alarming as it could appear that your account was hacked and someone created and is using new email addresses for your domain, but many times this is not the case.

Note: As a preemptive disclaimer, there can be many explanations for similar circumstances, so please do not take any of this as a blanket statement, and please contact us with any specific concerns about your account, domain, or email.

This type of scenario, where you receive email sent to random made up email addresses for your domain, is usually harmless and can be viewed as regular spam email. Spammers and scammers will make up email addresses or have a bot auto-generate email addresses to send spam email to. So they just take information that can be readily found on the internet (like your domain name) and use that to send email to or from a non-existent email address, without having access to any of your domain admin areas. 

There is always nefarious intent with these emails, such as wanting someone to click a link in an email, as would be an objective with a regular spam email. Another possible method is "Mailer Daemon" spam (more about it here: blazingfibre.net/tech/bounceflood.htm), where spammers try to forge, "spoof", or make it look like a spam email came from you (see HelpDesk article: Protect Against Email Spoofing in cPanel (Added Email Security)), but is usually sent to another person. If the message bounces and the person does not receive it, you may receive the bounce-back error message from the mail system, as it may look like you tried to send the spam email, when in fact you did not. Spammers may use this "Mailer Daemon" spam as a way to get past spam filters. In this scenario, to check if it was an email spoof (meaning nobody hacked into your account, they just tried to make it look like an email came from you), or if someone actually has hacked into your account, you can check the original email headers to see where the email was actually sent from. Please contact us if you are unsure or have any questions or concerns about this.

In many circumstances, emails sent to or appearing to come from random email addresses for your domain, do not usually indicate that your account, domain, or email has been compromised. But again, please contact us with any questions or specific concerns about your account, domain, or email.