Yikes, I never thought I would be saying those words. In fact I didn't even know what that term meant until Monday of this week. Domain spoofing is when somebody hijacks your domain name and sends out spam that looked like it came from you.
Jim and I have a registered domain name. Several years ago Jim and I were thinking about starting our own consulting company and I wanted to develop a website. So we got a domain name and I started playing around with the website. We quickly realized that it was just not practical for us to leave our current company and go out on our own. So I haven't touched the website in almost 5 years, but I still use my email from that site.
On Monday morning I went to check my email and saw over 300 emails that were bounced back from various email accounts that were 'undeliverable'. They were all in reference to a message that looked like it came from "Christine" from my domain name advertising male enhancing drugs. Obviously I did not send out this message so I have no idea why so many of them were being returned as undeliverable.
After a call to my internet provider and web hosting company I was informed that my domain had been spoofed and there is very little that can be done about it. They told me that usually ~5% of the messages are returned to the sender as undeliverable. Since I got about 300 returns they estimate that ~6,000 emails were sent out with my domain name on them.
The good news is that it looks like the hacker only sent one message from my domain and has moved on. Some people will stick with a domain name and use it over and over until it is shut down. Since it is an illegal activity you can get the FTC involved, but since no money is being lost there is not much they will do about it. Especially since the majority of hackers are not from the United States they don't have much autharity to do anything about it anyway.
I just hate the fact that my domain name was used to distribute such spam, and hope that I am not spoofed again. I feel really bad for real businesses that rely on the reputation of their domain name - if they get spoofed it looks like some reputable company is sending out spam.