Victim of a "joe job"

I’ve been getting some angry emails in the catch all filter today. People replying to a spam email made out to look like it is coming from our domain.

After a little research I believe we are the victim of what people in the spam business refer to as a joe job. However, it does not seem to be a vendetta or attack on us and our name, since the email is sort of polite and refers people to a website for buying drugs not child-porn. I also don’t believe we have any enemies with the know-how to pull off y2k shit like this.

The only remedy I’ve found on the web is to ignore the problem. I’m hoping that’s not the case…
Some articles also urge you to check for open relays by typing this telnet into the console… But I have no idea how to do that.

Maybe the dreamhost admins can help us out?
We only need a few (six) emails for our domain, so maybe there is a way to shut down anything except those few real addresses or something.

Any tips or help is greatly appreciated. Also ways to make sure this is a joe-job and not a breach into our email account or server or whatever the kids are doing these days instead of breaking windows, would be great.


Setting up SPF and DKIM for your domain might help, because it allows spam filters to automatically detect forged email.

SPF is fairly easy to set up, because it just involves a DNS TXT record. DKIM is more complex because it requires an email server that can digitally sign each email. If you are using Gmail for your DH domain, then you can easily activate DKIM:
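
How a receiving filter uses a published SPF TXT record to spot a forged sender, as an added example that is not part of the original thread. The record and addresses are constructed (example.com and documentation IP ranges), `check_spf` is a hypothetical helper, and it evaluates only the ip4, ip6 and all mechanisms without doing DNS lookups.

```python
import ipaddress

# Constructed sample: a TXT record a domain owner might publish for example.com.
# The networks are documentation ranges, not real mail servers.
SAMPLE_RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record: str, client_ip: str) -> str:
    """Evaluate the ip4/ip6/all mechanisms of an SPF record for one sending IP.

    Assumption/simplification: mechanisms that need DNS (include, a, mx,
    exists, ptr) and the redirect modifier are not resolved; reaching one
    returns "unresolved" so the caller never gets a guessed verdict.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"  # malformed network in the record
            if net.version == ip.version and ip in net:
                return RESULTS[qualifier]
        elif "=" in name:
            if name.startswith("redirect="):
                return "unresolved"  # would require another DNS lookup
            # other modifiers (for example exp=) do not affect the result
        else:
            return "unresolved"
    return "neutral"  # nothing matched and the record has no "all" term


if __name__ == "__main__":
    for sender in ("192.0.2.25", "198.51.100.7"):
        print(sender, check_spf(SAMPLE_RECORD, sender))
```

With a record ending in `-all`, mail claiming to be from the domain but sent from any address outside the listed networks evaluates to fail, which is the signal a spam filter uses to reject or flag the forgery.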