Some Jackhole Appropriated My Email Address – Use DMARC to Prevent Spoofing

A few interesting things have happened in the past few months since I published my last blog post:

1. Obnoxious emails that appear to be sent from my own email address, the one I use to query literary agents, began filling up my spam folder.

2. An editor I met during the SDSU Writers’ Conference in February asked for my full manuscript.

3. The literary agents I queried after sending my manuscript to the aforementioned editor have not yet replied back (with the exception of one particularly quick agent who responded with a polite rejection in a record-breaking 31 minutes).

You (that is, my imaginary audience) may be wondering, who’s the editor? Which publisher? How many literary agents did you query? I don’t want to jinx myself by answering these questions right now, especially if any of these literary agents are scrutinizing my website in search of an excuse to pass on my manuscript (or me). To be honest, I think it’s too early to interpret unanswered queries as: I’m not the agent you’re looking for. You can go about your business. Move along. Move along. But as more days passed with no reply whatsoever, a horrible thought occurred to me. What if Interesting Thing #1 was affecting Interesting Thing #3?

Up until now, I had simply ignored and deleted all obnoxious spam email. These emails included attempts to sell me cheap Viagra; correspondence written entirely in Chinese or Japanese (I can’t tell which); and one particularly disturbing and unrelenting message telling me my email account, my computer, and all my devices have been hacked thanks to a malware link I clicked while visiting an adult site, that they made a video of me satisfying myself while watching videos from this adult site, and unless I want this explicit video of myself sent to all my email contacts, I must send $752 to a bitcoin address with a very long alphanumeric string of text.

I know this threat is a blatant lie because:

1. Thanks to my paranoia, I put tape over my laptop camera several years ago when I found out Mark Zuckerberg did this.

2. The threat gives me 48 hours to comply, yet I received the first email as least as far back as December of last year and nothing has happened.

3. Regardless of any moral misgivings I might have about visiting adult sites, my fear of infecting my computer with digital STDs is the overriding reason why I avoid these sites in the first place.

This particular email worried me not because I believed it, but because it appeared in my spam folder regularly, several times a week (probably every 48 hours, but it didn’t occur to me at the time to keep track of this, so they’ve all been deleted). Though annoying, I assumed that as long as I didn’t click any links, these emails were harmless.

But as more days went by with no reply whatsoever from literary agents, it occurred to me that the jackhole appropriating my email address might also be screwing with these literary agents with my own email address. Whether or not this is actually true, I was convinced spammers exploiting my own email address was a problem I could no longer ignore.

I searched the internet for a solution and found an article from LifeHacker.com called How Spammers Spoof Your Email Address (and How to Protect Yourself).

According the article, it’s easy for spammers to use your own email address, and it’s also possible to stop this. All I had to do was file a DMARC record for it and update my domain registrar.

What?

I’m not using a Gmail address to query literary agents because it doesn’t look professional. Or Yahoo. Or any big-name email provider most people may have heard of. I’m using my own email address with the domain I bought for my website. Which means I had to do a little extra work to get my email account up and running without my email messages bouncing back or ending up in spam folders. So far, I’ve been my own tech support. And far as I know, my email account has been working just fine. I’ve already been through a round of querying and rejections for my first manuscript and have not run into any problems with my account. But add a DMARC record to make my email secure? I’ve never heard of this before.

It took me a while to read up on what a DMARC record is, (DMARC stands for Domain-based Message Authentication, Reporting and Conformance), what it’s for (to stop people from spoofing your email address), and the rest of the day to figure out how to add it to my DNS register without messing up my website. In short, I generated a DMARC record from a website called Dmarcian.com, and copied and pasted the generated text to add it to my DNS register.

What happened?

1. The email spoofing has stopped. There are no more emails written in Chinese or Japanese, and no more threats of my account being hacked. All that’s left are persistent and annoying emails trying to sell me cheap Viagra, all coming from an address like pnrfxouxbns@throwawaymail[dot]com, except that the letters in front of the domain appear to be randomly generated and never repeated. I looked up the website ThrowAwayMail[dot]com and found it exists and wants your business. I’m working on modifying my email settings to send all these emails directly into my trash folder. For now, I’m more concerned about accidentally blocking a legit email from a literary agent than I am of spam.

2. I received a very polite canned rejection that went something like this: thank you so much for giving me a chance to consider your work. Unfortunately, I’m not the agent you’re looking for. You can go about your business. Move along. Move along (and of course, the rejection also mentions that publishing is subjective industry, please don’t be discouraged, best of luck, et cetera). Most importantly, nowhere in this rejection is there any mention that some jackhole spoofed my email address and included a link to an explicit video of me satisfying myself while watching adult videos. This is a relief, because I want to be rejected on the inadequacies of my own writing, not because someone operating with a poorly calibrated moral compass, a questionable life purpose, and the odd grammatical style of a non-native English speaker hacked my account.

Meanwhile, to give me something else to dwell on besides the two rejections sitting in my inbox, and to demonstrate to curious literary agents what a promising, up-and-coming, good little busy worker-bee writer I am, I’ve updated my blog. And of course, I’m sketching out ideas for a new novel.

1 thought on “Some Jackhole Appropriated My Email Address – Use DMARC to Prevent Spoofing”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.