Spam sent from mydomain to mydomain
Hello,
Recently I have seen that someone (remote) sends email from a particular domain, for example mydomain.com, to a mydomain.com email address.
Example: I have an email account info@mydomain.com
The spammer sends me an email as: info@mydomain.com
The headers:
From:
To:
Subject: Something
Delivered-To: info@mydomain.com
Envelope-to: info@mydomain.com
Message-ID:
.....
Return-Path:
Return-Path:
X-Mailer: Microsoft Outlook 14.0
X-Spam-Flag: YES
...
...
...
1.5 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
I think it is a spoofed email, but the strange thing in all of this is that the Message-ID has mydomain.com at the end! How is that possible? Also, I have SpamAssassin, which marks that message as spam, but how can this remote user send a message like that? Any advice is highly appreciated!
1.5 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
The SPF is not passing. When SPF doesn't pass there is a good chance the email will go to spam/junk because it can't verify the sender. Have you set up SPF?
Thanks for the reply! Yes, the message was marked as a spam message. But I can't understand how someone can make the Message-ID end with mydomain.com! I see that this email was delivered from a remote host and not locally. That, I think, means the account is not hacked. But I can't understand, first, why the server delivered that message (I have SPF configured) and, second, how the remote sender made the Message-ID look as if it is from mydomain.com!
Hello,
One option to consider is Sender Verification Callouts, found under the "Mail" tab in "WHM >> Exim Configuration Manager >> Basic Editor". Per its description:
Use callouts to verify the existence of email senders. Exim will connect to the mail exchanger for a given address to verify it exists before accepting mail from it.
However, generally the better approach is to implement a technology such as S/MIME or PGP to sign individual messages. It's not a feature offered in cPanel & WHM directly, and thus would require your email users to set up their email clients to use the technology. Once configured, the user's email client could indicate that a message was not signed (and thus is forged).
Thank you.
Thank you! I will try the first, and I'll talk to my clients about the second solution... :)
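An added example, not part of the thread or of cPanel's tooling: a Python triage of headers like those posted above, which treats Message-ID as a sender-written field and reports a local From address that SPF does not back. The sample message, the X-Spam-Status line and the function names are assumptions constructed for illustration, and the check is meant for mail received from remote hosts.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample for this example; the values are not taken from the thread.
SAMPLE = """\
Return-Path: <info@mydomain.com>
Envelope-to: info@mydomain.com
From: <info@mydomain.com>
To: <info@mydomain.com>
Subject: Something
Message-ID: <0123456789abcdef@mydomain.com>
X-Mailer: Microsoft Outlook 14.0
X-Spam-Flag: YES
X-Spam-Status: Yes, score=6.5 required=5.0 tests=HTML_MESSAGE,SPF_SOFTFAIL

body
"""

def domain_of(value):
    """Lowercased domain of an address or Message-ID header ('' if absent)."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spf_rule(msg):
    """Envelope-sender SPF rule recorded by SpamAssassin (SPF_HELO_* is ignored)."""
    status = msg.get("X-Spam-Status", "")
    m = re.search(r"\bSPF_(PASS|FAIL|SOFTFAIL|NEUTRAL|NONE)\b", status)
    return m.group(1) if m else "UNKNOWN"

def triage(raw, local_domains):
    """Classify a message received from a remote host that names a local sender."""
    msg = message_from_string(raw)
    local = {d.lower() for d in local_domains}
    from_dom = domain_of(msg.get("From"))
    env_dom = domain_of(msg.get("Return-Path"))
    spf = spf_rule(msg)
    return {
        "from_domain": from_dom,
        "spf": spf,
        # Message-ID is written by the sending software, so a local domain
        # here says nothing about where the message came from.
        "message_id_local": domain_of(msg.get("Message-ID")) in local,
        # A local From is only backed by SPF when the envelope sender uses the
        # same domain and the connecting host passed that domain's record.
        "unverified_local_from": from_dom in local
        and not (spf == "PASS" and env_dom == from_dom),
    }

if __name__ == "__main__":
    print(triage(SAMPLE, ["mydomain.com"]))
```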