Any Solutions for Email Spoofing?

As I mention over on Capulet’s weblog, I suspect that our domain is being used for email spoofing. We’re getting a lot of bounced email messages that appear to be sent from bcapulete@capulet.com.

It’s not like our email server has been hijacked–spammers are just making it appear that emails are coming from our domain. I suspect the origin of this is coincidental, not malicious. Juliet@capulet.com is a common test email address for Jabber developers, so I’d guess it’s inspired by that.

I’ve become aware of this development because we’re using Gmail for Domains, and I receive everything that’s sent to <not an account>@capulet.com.

I’ve done some reading, and it looks like there’s nothing you can do about it except ride it out.

9 comments

  1. Correct – there’s not a whole lot you can do. There are some verification schemes in place that can look up the IP of the domain you claim to be from and then compare it to the relay that the mail passed through last, but these haven’t gained full industry acceptance. These have to live at the ISP of those checking mail, though, so there’s not much you can personally do.

    This is known as a Joe Job, and as Wikipedia recommends, the best course of action would be to create an informative page on your site that addresses people’s concerns (if people have contacted you over this).

  2. Chris: Thanks for that. Yep, we blogged about it on Capulet.com, though nobody’s actually contacted us yet.

  3. I’ve had exactly the same problem… What’s worse is that they are using random email addresses with my domain. That sucks, because I use my catch-all account actively so that I can track who is using what email address, or selling it.

    I’ve set up some spam filters on my mail server to filter through some of the “undelivered mail” that gets returned to me.

  4. Kate: Thanks for the tips. As it turns out, we’ve already got SPF records set up on the DNS, but I’ll check out this DomainKeys business tomorrow.

  5. Yep, same with me. Received about 500 e-mails one day via my catchall on a political site. Luckily 2 days later the barrage stopped.

    Also, I’ve had a few corporate clients who have had their domains added to a spammer list because of a spoof, and now anti-spam programs are blocking them.

  6. Hey,

    What *may* help is publishing an SPF record for your domain, that’ll reduce a lot of the fake mails from going out, but it depends on the receiving end to honour the SPF record. A lot of businesses are moving to using it to combat phishing (especially in the financial services industry – I recently used to work for an email outsourcing company that handled the mail for a large international bank and that was one of the solutions we used for their anti-spam). Read up on it at openspf.org.
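
The check that comments 1 and 6 describe, comparing the connecting relay's IP with what the claimed domain publishes, sketched as an added example (not part of the original post or comments). It models only the `ip4`, `ip6`, `include` and `all` terms of SPF; the records, domains and the `receiver_action` policy are constructed for illustration.

```python
import ipaddress

# Constructed sample TXT records (not any real domain's DNS data).
RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:mail.example.net ~all",
    "mail.example.net": "v=spf1 ip4:198.51.100.16/28 -all",
    "strict.example": "v=spf1 ip4:192.0.2.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(ip, domain, records=RECORDS, depth=0):
    """Evaluate the ip4/ip6/include/all subset of SPF for a connecting IP."""
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # domain publishes no SPF policy
    if depth > 10:  # guard against include loops
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = addr.version == net.version and addr in net
        elif mech == "include":
            inner = check_spf(ip, arg, records, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"
            matched = inner == "pass"  # only a pass from the included record matches
        else:
            raise NotImplementedError(f"term not modelled here: {term}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term


def receiver_action(result, enforce=True):
    """Hypothetical receiver policy: enforcement is the receiver's choice."""
    if result == "fail" and enforce:
        return "reject"
    if result in ("fail", "softfail"):
        return "accept-and-flag"
    return "accept"
```

A spoofed message from an unlisted relay is only rejected outright when the domain publishes `-all` and the receiver enforces it; with `~all`, or a receiver that ignores SPF, it is still accepted.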
