I have a domain name 2m.lt registered and added to google apps. There is an option there that all the email adressed to my domain (*@2m.lt) is forwarded to my mail email account (admin@2m.lt).
Well one week ago I have started seeing 3 to 6 emails every day sent from postmasters around the world saying that recipients could not be found. I looked at the mail and it says that someone tried to send an email to non existing address. The source address was: @2m.lt
It seems that someone is sending emails around the world and setting FROM field to random generated accounts BUT with my domain at the end. All this strange email that I have got is only for those cases where recipient is not found. I would imagine that lots of spam is received by someone from my domain.
I have exported these messages and you can look at them here: http://6.latest.formytestingaction.appspot.com/
I have changed my main account (admin@2m.lt) password but these messages still keep going into my mail box. Any suggestions what should I do?
I have tried to ask in Google Apps Forums with no avail.
Best Answer
The email protocol is totally insecure. Anyone can set the From line to anything they want, and there's basically nothing you can do about it.
These people don't need access to your email account - they just send the emails from their own servers, setting the From line to whatever they want.
You get the bounce messages because the receiving servers simply follow protocol and send an error report to the From / Reply-To address.
If you examine the Received headers from the original message, you'll see the messages were never sent from the Google servers.
There have been attempts, such as DomainKeys, to provide systems that allow people to verify that an email was sent by the reported sender, but these completely rely on the receiving servers implementing them. At best, many servers only implement these systems to help mark spam.
Welcome to the Internet