What Is Happening?
Spammers sometimes try to fake the sent from and reply addresses to make it look like the emails come from a reputable address. If you checked the header, however, you would see they actually originate from a spamming address. Spammers do this to misdirect complaints and avoid emails bouncing.
Keep in mind that the vast majority of the time, this type of junk email does not mean that a spammer has taken control of your domain or email addresses. Usually, this is simply a case of a spammer using your email address as a front to obscure the real origin of the email.
To learn more about how spoofing works, check out this LifeHacker article.
You can also assure yourself that your domain is secure by looking at the header of the offending email to discover its origin. You can find out how to do this, visit this Google article.
How Do I Limit Junk Emails Sent From My Address?
SPF Records
SPF (Sender Policy Framework) is a list of IP addresses that are allowed to send emails for a specific domain. This list helps other servers check the validity of incoming emails.
For more information on SPF records and how to set one up on your domain, check out our What is an SPF Record? article. You can also have SPF check all incoming mail so that you don't receive these types of messages. To do this, see our Blocking Junk Mail with SPF article.
DKIM Records
DKIM records are only compatible with VPS and Dedicated accounts.
DomainKeys Identified Mail (DKIM) is a custom DNS record that stamps your emails will a digital signature key.
The signature key is stored in your email’s headers and will be checked by receiving servers. If the signature doesn’t match the one on your server, the receiving server will reject it.
This makes it much more difficult for spammers to spoof your domain.
If you want to learn more about DKIM, read this Return Path article.
If you want to set up a DKIM record, check out this Return Path article.
DMARC Records
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a custom DNS record. It can be used once you have SPF and DKIM records set up.
DMARC works with both SPF and DKIM to make sure emails are properly validated by receiving servers. It also gives the sender the ability to tell email providers how to deal with mail that fails to pass DMARC’s validation process.
DMARC builds off of the SPF and DKIM records. By doing so, it indicates if the domain should make use of SPF and/or DKIM. Due to extra configuration requirements, DKIM can only be implemented on VPS and Dedicated accounts at this time. However, DMARC can be implemented on Shared Hosting accounts by using SPF alone. Learn more about the implications of using SPF alone for DMARC in this article.
To learn more about DMARC, check out this Return Path article.
Interested in setting up a DMARC record? Check out this Return Path article that shows you how to set up DMARC in just 15 minutes.