spoofed sender, randsom email
Is there any way of stopping this happening.
A randsom email supposedly from self to self, stating words along the lines 'I'm a hacker, and i've taken control of your email, pay me now' etc etc
I checked the headers and can see where it really came from, but my end user wouldn't know how to do this, so really assumed it was true.
Even with SPF and DKIM configured on the account, this randsom email still made it through to one of my users.
Would 'Allow DKIM verification for incoming messages' fix this ?
To: dean@user.com
Content-Type: multipart/related;
boundary="6778796521411084-84DCB270D24"
MIME-Version: 1.0
From:
Would 'Allow DKIM verification for incoming messages' fix this ?
-
Ya, it's really annoying. A bunch of our clients have received this same "ransom" email over the past few days and they're blowing up our support. Any way to fix this globally? It's from/to their own email addresses. 0 -
Hi @backhousemedia and @keat63 You may want to try some of the suggestions noted in the following threads: Thanks! 0 -
In my case, it didn't actually come from self to self, it did in fact come from an email address with a Turkish TLD. But as the sender address was spoofed, to my end user, it looked like it came from his own mailbox. Reading at least all way through the first thread, it seems there is no solid solution. Searching mail scanner, I've seen a few instances of this, and one thing I notice, is that the actual ransom, is not text, but is in fact a jpg image. Maybe in the short term I could create a simple rule to combat this. 0 -
In my case, it didn't actually come from self to self, it did, in fact, come from an email address with a Turkish TLD.
That's exactly what spoofing is! It can look different but essentially it's when someone modifies the headers to make it appear that your domain or you (or another party entirely) is sending the offending mail. SpamAssassin should be able to flag this behavior as spam though I did note that you indicated you're using mail scanner. I believe mailscanner should have settings for this as well.0
Please sign in to leave a comment.
Comments
5 comments