People sometimes reply to scam emails thinking it will help them verify the sender, stop the spam, or taunt the scammer with something like "Duuh, I know you're a scammer, friend". Any reply at all is exactly what scammers want.

Why

Replying confirms your email is active. Once they know that, you'll get more attacks. It also signals that you might engage with future messages.
  • Scammers track replies to see who is real and who isn't.
  • Engaging can open the door for follow-up phishing attempts.
  • Your reply itself leaks data: the headers reveal your mail client and time zone, and the text gives them your name, signature, writing style, and the hours at which you read mail.

Common Misconceptions

  • "If I reply, they'll leave me alone" - false. You become a target.
  • "I just want to warn them or verify it's real" - false. Asking the sender proves nothing: a scammer will happily confirm they are the company. Verify through a channel you already know belongs to the company, never through the email itself.
  • "It's harmless to respond once" - false. One reply confirms you exist.

Sometimes It Is Hard To Tell If It Is Spam

Scammers are getting better at mimicking real companies. If you're unsure, don't reply: ignore the email and verify through official channels (the company's own website, the phone number on your card or statement, or the app you already use). You can also look for signs of phishing, such as poor grammar, urgent language, or a sender address whose domain doesn't match the company's real one.

Still too hard to tell

What you can do yourself:
  • Dig deeper into the email headers. The useful lines are the Authentication-Results header added by your own mail provider (it records whether SPF, DKIM and DMARC passed), plus the Return-Path and Reply-To addresses, which should belong to the same domain as the From address. This is technical and not always conclusive: some legitimate bulk mail uses a different Return-Path domain.
  • Look up the domain the email actually came from (the one in the From and Return-Path addresses, not the name the sender displays) to see whether it's the company's real domain, how recently it was registered, and whether it's associated with known scams. Again, this can be tricky and isn't foolproof.
  • Look up the DNS records of that domain (MX, SOA and TXT) to see whether they look like a company-run setup. This can provide additional clues, but remember that a scammer who registered a lookalike domain controls its DNS and can make it look tidy, and a display-name spoof ("Your Bank" <someone@gmail.com>) needs no domain at all.
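The header checks above, as an added example that is not part of the original page: a short Python script that reads a message's From, Reply-To and Return-Path domains and the SPF/DKIM/DMARC verdicts from the Authentication-Results header, and trusts only the Authentication-Results line whose authserv-id is your own mail provider, because a sender can add fake ones. The message is constructed for illustration and the provider name mx.example.com is an assumption; to check a real message, save it as a .eml file and pass its bytes in.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample message (not a real email): the From, Reply-To and
# Return-Path domains all differ, and the provider-stamped
# Authentication-Results says SPF, DKIM and DMARC failed. The second
# Authentication-Results line is one the sender planted itself.
RAW_MESSAGE = b"""\
Return-Path: <bounce-8821@example.org>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.org; dkim=none; dmarc=fail (p=reject) header.from=example.com
Authentication-Results: attacker.invalid; spf=pass; dkim=pass; dmarc=pass
From: "Example Bank Security" <alerts@example.com>
Reply-To: <recover-account@example.net>
To: <customer@example.com>
Subject: Urgent: verify your account within 24 hours
Date: Mon, 01 Jan 2024 09:00:00 +0000
Message-ID: <abc123@example.org>

Click the link below within 24 hours to avoid suspension.
"""

# spf=pass / dkim=fail / dmarc=none ... inside an Authentication-Results value
AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.I)


def domain_of(header_value):
    """Bare domain of the first address in a header ('' if absent)."""
    _display_name, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def warnings_for(result):
    """Turn the extracted facts into the red flags the text lists."""
    flags = []
    if result["reply_to"] and result["reply_to"] != result["from"]:
        flags.append(f"Reply-To domain {result['reply_to']} differs from From domain {result['from']}")
    if result["return_path"] and result["return_path"] != result["from"]:
        flags.append(f"Return-Path domain {result['return_path']} differs from From domain {result['from']}")
    for method in ("spf", "dkim", "dmarc"):
        if result[method] != "pass":
            flags.append(f"{method.upper()} did not pass ({result[method]})")
    return flags


def check_headers(raw, trusted_authserv):
    """Extract From/Reply-To/Return-Path domains and the SPF/DKIM/DMARC
    verdicts, using only Authentication-Results whose authserv-id is our
    own mail provider (any other line arrived with the message)."""
    msg = email.message_from_bytes(raw)
    result = {
        "from": domain_of(msg.get("From")),
        "reply_to": domain_of(msg.get("Reply-To")),
        "return_path": domain_of(msg.get("Return-Path")),
        "spf": "missing", "dkim": "missing", "dmarc": "missing",
    }
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, verdicts = value.partition(";")
        if authserv.strip().lower() != trusted_authserv.lower():
            continue  # not stamped by our provider: ignore it
        for method, verdict in AUTH_RESULT.findall(verdicts):
            result[method.lower()] = verdict.lower()
    result["warnings"] = warnings_for(result)
    return result


if __name__ == "__main__":
    for line in check_headers(RAW_MESSAGE, "mx.example.com")["warnings"]:
        print("!", line)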

Here's a worked example of the DNS lookup:

You can look up a domain's DNS on pages such as DNS Checker. As an example, we can use mybusinessitsolution.com. Looking this up, we see:
  • The MX record points to Google Workspace - which is fine.
  • However, the SOA (Start of Authority) record lists a "responsible email" of kalyanitoursandtravel.gmail.com. DNS writes this mailbox with the first dot standing in for @, so it means kalyanitoursandtravel@gmail.com.

Why this is bad:

  • The responsible-email field of an SOA record (the RNAME) is supposed to name the administrative contact for the zone - usually a role address at the same domain (like hostmaster@example.com or admin@example.com).
  • A personal Gmail address there suggests the zone is run by an individual rather than by the company's IT, or that a hosting provider's defaults were never changed. On its own this is a weak signal: plenty of small, legitimate businesses set up DNS this way.
  • It becomes a red flag because whoever controls the zone also controls where the domain's mail goes (its MX and SPF records), and here that person appears unrelated to the claimed business - a convenient arrangement for a scammer who wants a business-looking domain while keeping full control of its mail setup.
  • Combined with other signs (mismatched sender address, urgent language, or suspicious links), it's a strong signal the email may be phishing.

What About TXT Records?

  • The domain has a google-site-verification record - that's fine, just proving ownership to Google.
  • It also has an SPF record: v=spf1 redirect=_spf.mailhostbox.com
  • SPF tells receiving mail servers which servers are allowed to send email for the domain. A redirect= hands the entire decision to another domain's SPF record, so here the effective policy is whatever _spf.mailhostbox.com says.
  • Delegating SPF to a mail host is normal. What's odd is the combination: the MX record says this domain's mail is received at Google, yet its SPF record never mentions Google's outbound servers, so mail sent from those Google mailboxes would fail SPF unless mailhostbox's policy happens to include them. The two records disagree about who handles this domain's mail, and together with the random SOA contact it suggests the domain isn't managed as one coherent company setup - a red flag for phishing or spoofing.

What you can take away:

  • SOA records are rarely checked by most users, but they can reveal who really administers a domain.
  • Check that the "responsible email" matches the company domain. If it doesn't, treat the email with extra caution, not as proof of fraud.
  • Check TXT records like SPF (v=spf1) to see which mail servers are authorized to send email for the domain. Pointing at a third-party provider via include: or redirect= is normal; the signals to worry about are a policy that doesn't cover the servers the domain's mail actually uses, a permissive ending such as +all or ?all, or no SPF record at all. Whether a particular message passed SPF is recorded in the Authentication-Results header your own provider added.
  • Even if the MX record points to a legitimate mail provider (like Google), SPF and SOA inconsistencies can reveal hidden risks.
  • Combining SOA + MX + SPF checks gives a more complete picture of whether the domain is trustworthy or possibly being abused by scammers.
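The SOA + MX + SPF cross-check described above, as an added example that is not part of the original page. The records are constructed to match what the text reports for mybusinessitsolution.com (the SOA contact and the SPF string are the quoted values; the MX hostname and the SOA primary nameserver, serial and timers are assumed placeholders), so the script runs offline; to check a live domain, replace them with the output of dig MX, dig SOA and dig TXT for that domain. It decodes the SOA contact (first dot to @), parses the SPF record, and reports the inconsistencies.

```python
ZONE = "mybusinessitsolution.com"

# Constructed records modelled on what the text reports for ZONE. The SOA
# contact and the SPF string are the quoted values; the MX hostname (Google's
# primary inbound server) and the SOA primary nameserver, serial and timers
# are assumed placeholders.
RECORDS = {
    "MX": ["1 aspmx.l.google.com."],
    "SOA": "ns1.example-host.net. kalyanitoursandtravel.gmail.com. 2024010101 3600 1800 1209600 300",
    "TXT": [
        "google-site-verification=AbCdEf0123456789",
        "v=spf1 redirect=_spf.mailhostbox.com",
    ],
}


def soa_rname_to_mailbox(rname):
    """Decode an SOA RNAME: the first unescaped dot stands for '@' (RFC 1035
    section 3.3.13); a backslash-escaped dot is a literal dot in the local part."""
    local, i = [], 0
    while i < len(rname):
        ch = rname[i]
        if ch == "\\" and i + 1 < len(rname):
            local.append(rname[i + 1])
            i += 2
        elif ch == ".":
            return "".join(local) + "@" + rname[i + 1:].rstrip(".")
        else:
            local.append(ch)
            i += 1
    return "".join(local)  # no dot at all: not a mailbox, return unchanged


def registered_domain(name):
    """Naive registrable domain = last two labels (no public-suffix list)."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])


def parse_spf(txt):
    """Split an SPF record into (qualifier, mechanism, value) terms and
    name=value modifiers such as redirect= and exp=."""
    parts = txt.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: " + txt)
    terms, modifiers = [], {}
    for part in parts[1:]:
        name = part.split("=", 1)[0]
        if "=" in part and ":" not in name:
            modifiers[name.lower()] = part.split("=", 1)[1]
            continue
        qualifier = "+"
        if part[0] in "+-~?":
            qualifier, part = part[0], part[1:]
        mech, _, value = part.partition(":")
        terms.append((qualifier, mech.lower(), value))
    return {"terms": terms, "modifiers": modifiers}


def assess(zone, records):
    """Cross-check SOA contact, MX provider and SPF policy; return findings."""
    zone = zone.lower()
    findings = []
    # SOA RNAME: who administers the zone?
    contact = soa_rname_to_mailbox(records["SOA"].split()[1])
    if registered_domain(contact.rpartition("@")[2]) != registered_domain(zone):
        findings.append(f"SOA contact {contact} is outside {zone}")
    # MX: which provider receives the domain's mail?
    mx_providers = {registered_domain(rr.split()[1]) for rr in records["MX"]}
    # SPF: who may send as the domain? (exactly one record is valid)
    spf_records = [t for t in records["TXT"] if t.lower().startswith("v=spf1")]
    if len(spf_records) != 1:
        findings.append(f"{len(spf_records)} SPF records found, expected exactly one")
        return findings
    spf = parse_spf(spf_records[0])
    authorised = set()
    for _q, mech, value in spf["terms"]:
        if mech in ("include", "a", "mx", "exists") and value:
            authorised.add(registered_domain(value))
        elif mech == "mx":   # bare 'mx' = this zone's own MX hosts
            authorised |= mx_providers
        elif mech == "a":    # bare 'a' = this zone's own A record
            authorised.add(registered_domain(zone))
    redirect = spf["modifiers"].get("redirect")
    if redirect:
        authorised.add(registered_domain(redirect))
        findings.append(f"SPF hands the whole policy to {redirect}")
    has_ip_terms = any(m in ("ip4", "ip6") for _q, m, _v in spf["terms"])
    if not has_ip_terms and not (mx_providers & authorised):
        findings.append(f"SPF never names the MX provider(s) {sorted(mx_providers)}: "
                        "mail sent through them fails SPF unless the referenced policy includes them")
    all_terms = [q for q, m, _v in spf["terms"] if m == "all"]
    if all_terms and all_terms[-1] in "+?":
        findings.append(f"SPF ends in '{all_terms[-1]}all', which authorises any sender")
    return findings


if __name__ == "__main__":
    for finding in assess(ZONE, RECORDS):
        print("!", finding)
```

The registered_domain helper only keeps the last two labels, which is fine for google.com and gmail.com but wrong for names under co.uk and similar suffixes; a public-suffix list fixes that. The MX-versus-SPF finding is deliberately worded as a warning rather than a verdict, because a redirect target can itself include the MX provider's servers, and ip4/ip6 terms cannot be mapped to a provider name without resolving them.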

Takeaways

  • Do not reply to suspicious emails.
  • Mark them as spam or phishing in your email client.
  • Delete them and avoid clicking any links or attachments.
  • Educate yourself on what real communications from banks, services, and companies actually look like.

If You Accidentally Replied

  • Do not engage further.
  • If your reply included anything sensitive, or you clicked a link and entered a password, change that password (and anywhere you reused it).
  • Enable 2FA if possible.
  • Monitor for suspicious activity or follow-up attempts.