foil spoofing

keat63

• June 08, 2016 09:00

We've had an SPF fail notice today regarding one of our email addresses. It seems, reading between the lines, that this has been spoofed and rejected because of SPF failure (which is good) The email address in particular is one we would deem a throw away. If we were to throw it away, would this help all in the event that SPF failed ? In otherwords, if the email didn't exist, could it still be spoofed and accepted by other mailservers ?

• 

  amdbuilder

  • June 10, 2016 03:02

  The account existing isn't likely to make much difference with it being spoofed. I would recommend looking into DMARC, when used in conjunction with DKIM and SPF you should be able to stop spoofed emails from your domain. Well, at least control what happens to them on servers supporting DMARC.

  0
• 

  Kailash1

  • June 10, 2016 09:52

  Yes, I agree with amdbuilderaax. You should set DMARC record for your domain.

  0
• 

  keat63

  • June 10, 2016 13:30

  The spoofed email appears to have originated from a server in the same datacentre as mine, which is a bit worrying. I took this up with the server team who said that they couldn't see it ever leaving that server. And that the hackers not only spoofed my email address but also spoofed the server from which it was sent. How would they spoof an IP address, server name, email address and for it all to be in the same data centre. I'm not sure i buy it, but who am i to argue. I did have DMARC configured on one of my lesser used domains, but didn't understand how it worked so removed it. Maybe I'll try again.

  0
• 

  cPanelMichael

  • June 15, 2016 19:21

  How would they spoof an IP address, server name, email address and for it all to be in the same data centre. I'm not sure i buy it, but who am i to argue. I did have DMARC configured on one of my lesser used domains, but didn't understand how it worked so removed it. Maybe I'll try again.

  
  1. Spoofing those fields is possible by manipulating the message headers before sending the message. It's common practice with spammers to find active domain names and send SPAM. You should report the abuse to your data center with a copy of the message headers. 2. Users setting up DMARC records may find the following thread helpful: Dmarc authentication You can vote and add feedback to the existing feature request for DMARC at: DMARC config in email authentication section Thank you.

  0

Please sign in to leave a comment.