Question
A phishing email may be sent from an unrelated third party posing as a reputable business to compromise the security of the account in question. This article covers how to distinguish between legitimate emails from cPanel and spoofed emails only claiming to be from cPanel.
Answer
If the email looks suspicious, it more than likely did not come from cPanel. That said, this can be checked via the email headers. The article below covers how to locate the headers for the email.
The headers show which server sent the email. Since we are using Outlook for mail, the email should come from one of the Outlook servers. An example of this is shown below.
Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2091.outbound.protection.outlook.com. [192.0.2.0])
Additionally, you will want to check that DKIM and SPF passed. Valid records should look something like the following:
dkim=pass header.i=@cpanel.net header.s=selector1 header.b=fI5f9kNG; arc=pass (i=1 spf=pass spfdomain=cpanel.net dkim=pass dkdomain=cpanel.net dmarc=pass fromdomain=cpanel.net); spf=pass (domain.tld: domain of account@cpanel.net designates 192.0.2.0 as permitted sender) smtp.mailfrom=account@cpanel.net;
If you have any doubts about whether an email claiming to be from cPanel is legitimate, please do not click on any links or open any attachments contained within the said email, as these may prove to be malicious.
Comments
0 comments
Article is closed for comments.