We have found that messages are being sent from fake addresses using our domain, but are not sure what is happening or how to stop it.
asked , updated
answered , updated
by s-james2The spammers are not actually using your domain to send the messages. They are spoofing the return address on the email message to make it appear as if the message originated from your domain. There is nothing you can do to prevent the spammers from spoofing your domain, but you can create an SPF record for your domain that many mail servers will check to determine whether or not the message originated from an authorized mail server (see the Google Apps Administrator link for more details on SPF records). This solution is not perfect because it depends on the receiving mail servers to check SPF records (which of course not all of them do).