Spam using envelope-from trick
Hi!
I have SPF, DKIM and DMARC correctly configured on my server.
But it seems the spammers have discovered a new trick to send spoofed mails using the envelope-from SMTP parameter.
They're using in the From field an email address from my SMTP server, but SPF and the other security measures seem to be working off the envelope-from address. That seems good, but why isn't it checking the From address too?
Is there any way to say I don't accept external addresses in the envelope-from that are different from mine?
Here is a header of a mail:
Return-Path:
Delivered-To: me@mydomain.com
Received: from server.mydomain.com
by server.mydomain.com with LMTP
id mEbwK/SqJV2UPgXXpPASIQ
(envelope-from )
for ; Wed, 10 Jul 2019 11:08:04 +0200
Return-path:
Envelope-to: me@mydomain.com
Delivery-date: Wed, 10 Jul 2019 11:08:04 +0200
Received: from spamdomain.com ([182.18.153.174]:49617 helo=mail.spamdomain.com)
by server.mydomain.com with esmtps (TLSv1:ECDHE-RSA-AES256-SHA:256)
(Exim 4.92)
(envelope-from )
id 1hl8Zy-0004Mp-Ma
for me@mydomain.com; Wed, 10 Jul 2019 11:08:04 +0200
Received: from [nv-69-69-253-999.sta.xxx.net] ([69.69.253.999]) by xxxx.com with MailEnable ESMTP; Wed, 10 Jul 2019 14:36:06 +0530
Date: Wed, 10 Jul 2019 11:07:49 +0200
Subject: me@mydomain.com
Content-Type: multipart/related;
boundary="vjvegrjt-05D0BE82"
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.12)
Gecko/20100826 Thunderbird/3.0.7
List-ID:
Message-ID:
X-CSA-Complaints: whitelist-complaints@spamdomain.com
From:
Abuse-Reports-To: abuse@spamdomain.com
Errors-To: "ssviram"
X-Sender-Info: spammer@spamdomain.com
Organization: Cdzovjtr
To: me@mydomain.com
-
I see this is allowed because mailing lists use this trick to send emails. Mailing list mails have the From field set to the original message creator, but they set the mailing list email as the Return-Path and the envelope-from.
Obviously this trick can easily be used to send emails with a forged From address to anybody, including an assumed From address that is on my SMTP domains.
Is there any way to disallow this kind of trick for domains I own on my SMTP server? I want to tell my SMTP server not to allow this envelope-from trick if the From address is in a domain I own.
Regards,
-
You could use a filter to do this - if you wanted to set it to not accept external addresses on the envelope-from different than yours: How to Configure Mail Filters - cPanel Knowledge Base - cPanel Documentation
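The check asked for in this thread, written out as an added example (not part of the original posts and not cPanel or Exim code): flag a message whose From header uses a domain you host while the envelope-from belongs to someone else. `OWNED_DOMAINS`, the `authenticated` flag and the sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

OWNED_DOMAINS = {"mydomain.com"}  # assumption: domains hosted on the receiving server

# Constructed sample modelled on the thread: local From, foreign envelope sender.
SAMPLE = (
    "Return-Path: <spammer@spamdomain.com>\n"
    'From: "Me" <me@mydomain.com>\n'
    "To: me@mydomain.com\n"
    "Subject: me@mydomain.com\n"
    "\n"
    "body\n"
)


def _domain(addr):
    """Lower-cased domain part, or '' for the null sender or a malformed address."""
    return addr.rpartition("@")[2].strip().rstrip(".").lower() if "@" in addr else ""


def _is_owned(domain):
    """True for an owned domain or any of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in OWNED_DOMAINS)


def check_from_vs_envelope(raw_message, envelope_from, authenticated=False):
    """Return (verdict, reason) for one inbound message.

    envelope_from is the SMTP MAIL FROM value the MTA recorded (the Return-Path).
    authenticated is a hypothetical flag: the client logged in with SMTP AUTH.
    """
    msg = message_from_string(raw_message)
    # Look at every address in every From header, not only the first one.
    from_addrs = [a for _, a in getaddresses(msg.get_all("From", [])) if a]
    owned_from = [a for a in from_addrs if _is_owned(_domain(a))]
    if not owned_from:
        return "accept", "From header does not use an owned domain"
    if authenticated:
        return "accept", "local From, submitted by an authenticated user"
    env_dom = _domain(parseaddr(envelope_from)[1])
    if _is_owned(env_dom):
        return "accept", "envelope-from is also local, so SPF evaluates our own domain"
    return "reject", f"From uses {owned_from[0]} but envelope-from domain is {env_dom or '<>'}"


if __name__ == "__main__":
    print(check_from_vs_envelope(SAMPLE, "<spammer@spamdomain.com>"))
```

As the question itself notes, mailing lists keep the author's From and use their own envelope-from, so this rule also rejects list copies of posts made by local users unless those lists are exempted.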