Why so many people are currently receiving emails from “Björn Bauer” and what is really behind it

In recent days, numerous individuals and companies have received emails seemingly from me, Björn Bauer (Velometrik GmbH). These messages give the impression that I have contacted them directly or even sent spam. This is not true. These emails were not sent by me or Velometrik GmbH.
What really happened
A large spam wave is currently running through mailing lists, Google Groups among them. Email addresses are added to such lists without their owners' consent. From there, every message posted to the list is automatically sent to all registered addresses. The sender address is chosen so that it looks like a real person, in this case "Björn Bauer | Velometrik GmbH".
This creates the impression that I am personally sending these emails, even though they actually come from spam servers or bots. Neither I nor Velometrik ever sent or initiated them.
Why this is particularly insidious
These spam emails are not sent by a single hacker. They are generated by the automatic replies of legitimate mail servers: someone takes a large list of legitimate addresses, enters them as both senders and recipients, and triggers a chain reaction. Each server replies to all the others, producing a massive volume of email even though nobody is actively writing.
What we have done specifically
We have implemented all technical security measures to prevent third parties from misusing our domain as a sender.
1. SPF entry
To ensure that only our own mail servers are allowed to send emails on behalf of velometrik.de, we have published the following SPF record in DNS:
v=spf1 a mx include:_spf.your-server.de -all
This record tells receiving servers which hosts are authorised to send mail with a velometrik.de envelope sender: our own A and MX hosts plus those covered by our hosting provider's include; "-all" marks every other host as a hard fail. Note that SPF is checked against the envelope sender (MAIL FROM / Return-Path), not against the From: address the recipient sees, which is why the DKIM and DMARC steps below are needed as well.
2. DKIM signature
Additionally, our mail servers digitally sign all outgoing messages with a DKIM key. The public key is published in DNS under the following name:
default._domainkey.velometrik.de
This allows every receiving server to verify that the signed headers and body were produced by our servers and have not been altered in transit. A relay that modifies the message, for example a mailing list that adds a footer, breaks the signature.
3. DMARC policy
To ensure that forged emails are rejected outright, we have activated a strict DMARC policy:
v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; aspf=s; rua=mailto:dmarc@velometrik.de
This means that a message with a velometrik.de From: address is rejected by receivers that honour the policy unless it passes either SPF or DKIM for that exact domain: adkim=s and aspf=s demand strict alignment between the From: domain and the domain SPF or DKIM authenticated, and sp=reject extends the same rule to all subdomains. The policy does not cover messages that merely carry our name in the display name but use an address in another domain; for those, the other domain's policy applies, so always look at the actual address, not only the name.
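As an added example (not code from Velometrik or from this page), the following script evaluates the DMARC record quoted above the way a receiving server would, for a few constructed messages: legitimate mail from our own server, a forged From: address, our address relayed through a mailing list, a forged subdomain address, and a message that only copies the display name. The dictionary standing in for DNS, the domains lists.example.net, news.velometrik.de and spam-example.invalid, and the SPF/DKIM results fed in are all assumptions made for the illustration; org_domain() is a simplified two-label stand-in for a public-suffix lookup.

```python
from email.utils import parseaddr

# The record the page publishes for velometrik.de, copied from the text above.
VELOMETRIK_DMARC = ("v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; aspf=s; "
                    "rua=mailto:dmarc@velometrik.de")

# Constructed stand-in for DNS: a real receiver queries _dmarc.<domain> TXT.
# Only velometrik.de has a policy here; the other domains are made-up examples.
PUBLISHED = {"velometrik.de": VELOMETRIK_DMARC}


def parse_dmarc(record):
    """Split 'tag=value; ...' into a dict and apply the RFC 7489 defaults for alignment."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain):
    """Simplified organizational domain (last two labels); production code uses the public suffix list."""
    return ".".join(domain.lower().strip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict ('s') alignment needs an exact match; relaxed ('r') needs the same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate(msg, published=PUBLISHED):
    """Return (policy_domain, dmarc_result, disposition) for one message.

    msg is a constructed dict holding the RFC5322 From header plus the results a
    receiver already has: spf/spf_domain (result and the MAIL FROM domain it was
    checked against) and dkim/dkim_domain (result and the d= tag of the signature).
    """
    _, address = parseaddr(msg["From"])
    from_domain = address.rpartition("@")[2].lower()

    # Policy discovery: the From domain's own record, else the organizational
    # domain's record, in which case the subdomain policy 'sp' applies.
    record, policy_tag = published.get(from_domain), "p"
    if record is None and org_domain(from_domain) != from_domain:
        record, policy_tag = published.get(org_domain(from_domain)), "sp"
    if record is None:
        # No DMARC policy for this domain: nothing to enforce, whatever the display name says.
        return from_domain, "none", "none"

    tags = parse_dmarc(record)
    spf_ok = msg.get("spf") == "pass" and aligned(from_domain, msg.get("spf_domain", ""), tags["aspf"])
    dkim_ok = (msg.get("dkim") == "pass" and msg.get("dkim_domain")
               and aligned(from_domain, msg["dkim_domain"], tags["adkim"]))
    if spf_ok or dkim_ok:
        return from_domain, "pass", "none"
    return from_domain, "fail", tags.get(policy_tag, tags.get("p", "none"))


OUR_FROM = '"Björn Bauer | Velometrik GmbH" <bjoern.bauer@velometrik.de>'
CASES = {
    # 1. Sent by our own server: envelope domain and DKIM d= are both velometrik.de.
    "legitimate": {"From": OUR_FROM, "spf": "pass", "spf_domain": "velometrik.de",
                   "dkim": "pass", "dkim_domain": "velometrik.de"},
    # 2. Spam server forging our address: fails SPF (-all) and carries no valid signature.
    "forged": {"From": OUR_FROM, "spf": "fail", "spf_domain": "velometrik.de",
               "dkim": "none", "dkim_domain": None},
    # 3. Our address relayed through a list: SPF passes, but for the list's own envelope
    #    domain (not aligned), and the list footer broke our DKIM signature.
    "via_list": {"From": OUR_FROM, "spf": "pass", "spf_domain": "lists.example.net",
                 "dkim": "fail", "dkim_domain": "velometrik.de"},
    # 4. Forged subdomain address: no record of its own, so sp=reject applies.
    "subdomain": {"From": '"Björn Bauer" <info@news.velometrik.de>', "spf": "fail",
                  "spf_domain": "news.velometrik.de", "dkim": "none", "dkim_domain": None},
    # 5. Only the display name is ours; the address belongs to a domain without any policy.
    "display_name_only": {"From": '"Björn Bauer | Velometrik GmbH" <noreply@spam-example.invalid>',
                          "spf": "pass", "spf_domain": "spam-example.invalid",
                          "dkim": "none", "dkim_domain": None},
}

if __name__ == "__main__":
    for name, case in CASES.items():
        print(f"{name:18} -> {evaluate(case)}")
```

Cases 2 to 4 end in "reject", which is what the policy is for; case 3 also shows why list software has to rewrite the From: header when it relays mail from a p=reject domain. Case 5 is the one no sender-side measure can stop: the receiver never consults velometrik.de's record because the address is not in our domain.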
4. Unsubscribe from Google Groups
Some of the spam emails originated from abused Google Groups. We read the "List-Unsubscribe" header of the emails and sent a simple email to the address listed there with the content
unsubscribe
This successfully removed us from these lists. We have also reported the affected groups to Google so that they can be permanently closed.
5. Filter rules for bounce messages
As long as the spam wave continues, we filter all automatic bounce messages (sender "mailer-daemon@" or "postmaster@") on the server side so that they never reach the inbox.
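The sender-name rule above catches most bounces, but the reliable signal for a delivery status notification is the null reverse path (Return-Path: <>, which RFC 3464 requires) and the multipart/report MIME shape, and a name-based rule alone would also swallow a human writing from postmaster@. As an added example (my own code, not Velometrik's filter), the classifier below combines those signals and runs over four constructed messages; the hosts and addresses in them are made up.

```python
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

AUTOMATIC_LOCAL_PARTS = {"mailer-daemon", "postmaster"}   # the page's own rule


def classify(raw_message):
    """Return 'bounce', 'auto-reply', 'review' or 'keep' for one raw RFC 5322 message.

    Strong signals first: a null reverse path (Return-Path: <>) is mandatory for
    delivery status notifications (RFC 3464), and multipart/report with
    report-type=delivery-status is their MIME shape. Auto-Submitted (RFC 3834) marks
    other automatic replies. A mailer-daemon/postmaster sender alone is only a hint.
    """
    msg = message_from_string(raw_message, policy=default)
    return_path = (msg.get("Return-Path") or "").strip()
    local_part = parseaddr(msg.get("From") or "")[1].partition("@")[0].lower()
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    is_dsn = (msg.get_content_type() == "multipart/report"
              and (msg.get_param("report-type") or "").lower() == "delivery-status")

    if return_path == "<>" or is_dsn:
        return "bounce"
    if auto != "no":
        return "auto-reply"
    if local_part in AUTOMATIC_LOCAL_PARTS:
        return "review"          # might be a human writing from postmaster@
    return "keep"


# Constructed samples (made-up hosts and addresses), one per kind of message.
DSN = """\
Return-Path: <>
From: Mail Delivery System <MAILER-DAEMON@mx.example.net>
To: bjoern.bauer@velometrik.de
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The recipient address does not exist.
--b1--
"""

OUT_OF_OFFICE = """\
Return-Path: <colleague@partner.example>
From: Colleague <colleague@partner.example>
To: bjoern.bauer@velometrik.de
Auto-Submitted: auto-replied
Subject: Automatic reply: Re: request

I am out of the office until next week.
"""

HUMAN_POSTMASTER = """\
Return-Path: <postmaster@partner.example>
From: postmaster@partner.example
To: bjoern.bauer@velometrik.de
Subject: Question about your SPF record

Hello, we see a lot of rejected mail with your address. Can you confirm it is forged?
"""

NORMAL = """\
Return-Path: <customer@example.com>
From: Customer <customer@example.com>
To: bjoern.bauer@velometrik.de
Subject: Quote request

Could you send us a quote?
"""

if __name__ == "__main__":
    for label, raw in [("DSN", DSN), ("out of office", OUT_OF_OFFICE),
                       ("human postmaster", HUMAN_POSTMASTER), ("normal", NORMAL)]:
        print(f"{label:17} -> {classify(raw)}")
```

While a spam wave is running it is reasonable to treat "review" like "bounce", which is what the page's rule does; once it is over, restoring the distinction keeps genuine delivery failures and real postmaster correspondence visible.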
Our systems were never compromised. This was purely a case of our sender address being misused, and it has since been stopped by technical means.
What those affected can do
If you have also received such emails:
- Don't reply. Every reply results in further automated emails.
- Check the actual sender address, not just the display name. A message that only shows our name but uses an address in another domain did not come from velometrik.de.
- Look for the "List-Unsubscribe" line in the message headers. It contains an address to which you can send the single word "unsubscribe" to leave the list.
- Mark the message as spam. This helps your email provider identify and filter out similar emails in the future.
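The unsubscribe step from section 4 and from the list above, as an added example (not a script from Velometrik): the code parses the List-Unsubscribe header of a received message per RFC 2369, separates the mailto: target from any web link, honours a subject= or body= parameter if the list specifies one, and builds the outgoing "unsubscribe" mail addressed to the list, never to the From: address. The sample message and the list domain lists.example.net are constructed for the illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.policy import default
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed message of the kind described above (made-up list domain, not a real capture).
SAMPLE_MESSAGE = """\
From: "Björn Bauer | Velometrik GmbH" <bjoern.bauer@velometrik.de>
To: someone@example.com
Subject: Re: request
List-Id: <some-list.lists.example.net>
List-Unsubscribe: <mailto:some-list+unsubscribe@lists.example.net?subject=unsubscribe>,
 <https://lists.example.net/some-list/unsubscribe>

Message body as relayed by the list.
"""


def parse_list_unsubscribe(value):
    """Split an RFC 2369 List-Unsubscribe value into mailto targets and web links.

    Each target is a <URI>; a mailto URI may carry ?subject=...&body=... telling you
    what the list software expects in the unsubscribe mail.
    """
    targets = {"mailto": [], "http": []}
    for uri in re.findall(r"<([^>]+)>", value):
        parts = urlsplit(uri.strip())
        if parts.scheme.lower() == "mailto":
            params = {k: v[0] for k, v in parse_qs(parts.query).items()}
            targets["mailto"].append((unquote(parts.path), params))
        elif parts.scheme.lower() in ("http", "https"):
            targets["http"].append(uri.strip())
    return targets


def build_unsubscribe_mail(raw_message, sender):
    """Build the unsubscribe mail for a received message; raises if there is no mailto target.

    The mail goes to the list's unsubscribe address, never to the From: address,
    because replying to the message is exactly what keeps the wave going.
    """
    received = message_from_string(raw_message, policy=default)
    header = received.get("List-Unsubscribe")
    if header is None:
        raise ValueError("no List-Unsubscribe header: this is not list mail you can leave")
    targets = parse_list_unsubscribe(header)
    if not targets["mailto"]:
        raise ValueError("no mailto target; use the web link(s): " + ", ".join(targets["http"]))
    address, params = targets["mailto"][0]
    out = EmailMessage()
    out["From"] = sender
    out["To"] = address
    out["Subject"] = params.get("subject", "unsubscribe")
    out.set_content(params.get("body", "unsubscribe"))
    return out


if __name__ == "__main__":
    print(build_unsubscribe_mail(SAMPLE_MESSAGE, "someone@example.com"))
```

Send the returned message through your own mail account so that it leaves from the address that is subscribed; the list matches on the sender. If the header only offers https links, opening one of them in a browser is the equivalent step.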
Conclusion
We regret any confusion this may have caused and thank you for all your feedback. Such incidents are unfortunately not uncommon, but transparency is important to us. We don't want anyone to believe that this spam actually originates from us.
Björn Bauer
Managing Director, Velometrik GmbH