Spam @safepark.dk

Some people abuse our domain @safepark.dk to send false invoices to Danish municipalities. We strongly recommend that you delete these mails without clicking the attached PDF file. We are aware that at least two Danish municipalities have received such a fake mail.

In internet jargon, this type of spam is called a "Joe Job", and here is the best description of the problem we have found:

  • "They're using spoofed sender data to generate an email that looks like it's from your domain. It's about as easy as putting a fake return address on a piece of postal mail, so no, there's really no way to stop it. SPF (as suggested) can make it easier for other mail servers to identify email that actually comes from your domain and email that doesn't, but just like you can't stop me from putting your postal address as the return address on all the death threats I mail, you can't stop someone from putting your domain as the reply-to address on their spam."

Our research into this spam

In fact, according to our research into this kind of spam, there is nothing we can do, since the mails in question do not come from our domain or from an email address that we have created. These mails only use a fake mail address as the reply-to address, and since our Google Mail service captures all of these responses, we have become aware of the issue. A recipient of such a fake mail has even called us.

Here is what the recipient is supposed to do to keep such mails from reaching end users:

  • "To be more correct, you should say: No one's using your (domain's) server to send spam. Because they do use the domain, namely as the FROM-address. Of course SPF is no barrier at all, because the sender will use a hop-server which does not do SPF checks. Solution would be simple: The responsible Server for the TO-address should reject with 450 to the server the mail originates, not to send a DSN to the server which is responsible for the FROM-address"

We also recommend using either public Gmail or Gmail as part of G Suite, since few spam mails then reach the end user.
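
The two quotes above describe an SPF check and a refusal during the SMTP session instead of a later bounce to the forged address. The sketch below is an added example, not code from this page or from any mail server: it evaluates a subset of SPF (ip4, ip6, include, all) against the envelope sender's domain and decides in-session. The domain names, the records and the `smtp_decision` helper are constructed assumptions, and the records live in a dictionary instead of DNS so the example runs offline.

```python
import ipaddress

# Constructed TXT data (assumption): example.com stands in for the spoofed
# domain; all addresses come from the reserved documentation ranges.
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.0/25 ip6:2001:db8::/32 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, client_ip, records=SPF_RECORDS, depth=0):
    """Evaluate the ip4/ip6/include/all mechanisms of an SPF record."""
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:                      # RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"                 # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "include":
            inner = check_spf(value, client_ip, records, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"
            matched = inner == "pass"   # include matches only on an inner pass
        else:
            return "permerror"          # mechanism outside this subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                    # no mechanism matched


def smtp_decision(mail_from, client_ip, records=SPF_RECORDS):
    """Decide while the sending server is still connected, so no bounce
    (DSN) is later sent to the forged sender address."""
    result = check_spf(mail_from.rpartition("@")[2], client_ip, records)
    if result == "fail":
        return "reject", result         # refused in-session; nothing to bounce
    return "accept", result
```

SPF is evaluated against the envelope sender (SMTP MAIL FROM), so a message that forges only a header such as Reply-To can still pass this check.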