When emails are set to be "From" an email address on your domain and bounce, they are sent to our servers at evolvingmedia.com, attempting to deliver themselves to that mailbox. Generally, you will never see these emails; however, if the email spoofer happens to configure the "From:" header to be a real email box, the bounce will come back to your mailbox and you will receive the email.
Luckily spam filters know that and do not penalize people based on the "From" address. They instead use IP addresses and other indicators to decide who to ban. So unless the spam is coming from your email account, server or hosting account, you would not be penalized for someone spoofing your email address. Individual users can still filter or block your email address, but modern spam filters do not work that way.
These email spoofers are tracked down from the server that is used to authenticate from originally. That server gets reported to Email Realtime Black Lists (RBLs), and the spoofing emails stop.
How to Resolve the Email Spoofing
To resolve email spoofing there are two methods, creating a catchall or an SPF record. The catchall (Default Address) can resolve the issue only on a short term basis and is not recommended to be used otherwise. Creating an SPF record would be best for a long term solution as the DNS would catch unverified users trying to send email for your domain and prevent it from being sent out.
Partial Solution
If you have Default Address enabled, you can set every catchall to :fail: no such address here. This will stop you from getting the bounceback, but the real problem may not be solved.
If you do not have Default Address enabled, you will not need to worry about making this adjustment since our system is automatically set to return messages with the :fail: no such address here response.
Full Solution
You will need to create an SPF record to resolve the issue fully. An SPF record is an entry added to the DNS zone for a domain. This record verifies that a user has permission to send mail from a domain, preventing email from being spoofed for your domain.
