Fake Return-Path header address
Hi,
I'm running a VPS server. One of my clients called me today; he was exposed to a phishing scam and sent a big amount of money to a wrong IBAN number.
I checked the conversation emails and found that the From address is from a trusted, well-known company (Company A), but in the Return-Path there is a fake email address (somename@example.ae).
My questions:
Where did this fake email in the Return-Path come from?
Who's guilty?
- My server?
- My client (for not looking in the email header)?
- My client's computer (MS Outlook, Windows, Antivirus)?
- Company A's mail server?
- Company A's computer (sending emails with an injected Return-Path)?
I set up SPF, DKIM and DMARC. Still receiving spoofed emails. What should I do?
Hello,
These records will help remote mail servers verify the integrity of emails from your domain name. However, if you want to verify incoming emails, you'd need to consider enabling SpamAssassin (it includes SPF verification), and also consider enabling the following option under the "ACL Options" tab in "WHM >> Exim Configuration Manager >> Basic Editor":
Reject DKIM failures
This option and other potentially useful options are documented at:
If I turn on "Allow DKIM verification for incoming messages" and leave "Reject DKIM failures" turned off, what will happen to the emails?
This allows Exim to check the DKIM records on incoming messages, but doesn't actually reject emails that fail verification.
What does "This verification process can degrade your server's performance." mean? Will it slow down the mail exchange? Websites and apps? FTP transfer?
It can lead to increased CPU usage and potentially slow email delivery due to the extra work required for Exim to verify DKIM records for incoming emails. You are more likely to see an issue on systems with high volumes of incoming email.
Do you think a new version of MS Outlook, Windows and Internet Security will make any difference regarding those emails?
The email client itself won't prevent the delivery of spoofed emails.
Thank you.
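The mismatch described in the original question (a trusted From address with an unrelated Return-Path) can be checked for in received mail. The following Python is an added example, not part of the thread or of cPanel's tooling: it compares the two domains and reads the SPF/DKIM/DMARC verdicts from the Authentication-Results header. It assumes the receiving server stamps that header; the sample message, the hostname `mx.client.example`, the domain `company-a.example` and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the thread: trusted From, unrelated Return-Path.
# All host and domain names are placeholders.
SAMPLE = """\
Return-Path: <somename@example.ae>
Authentication-Results: mx.client.example; spf=pass smtp.mailfrom=example.ae;
 dkim=none; dmarc=fail header.from=company-a.example
From: "Company A Accounts" <billing@company-a.example>
To: client@client.example
Subject: Updated bank details

Please use the new IBAN for this invoice.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def aligned(a, b):
    """Simplified relaxed alignment: same domain or a parent/subdomain pair.
    Real DMARC compares organizational domains using the Public Suffix List."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def verdicts(msg, trusted_authserv):
    """spf/dkim/dmarc results, taken only from headers stamped by our own MX."""
    found = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv = value.split(";", 1)[0].strip().lower()
        if authserv != trusted_authserv:
            continue  # anyone can put this header in a message they send
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            found.setdefault(method.lower(), result.lower())
    return found

def assess(raw, trusted_authserv):
    """Return a list of findings; an empty list means nothing stood out."""
    msg = message_from_string(raw)
    from_dom, rp_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    results = verdicts(msg, trusted_authserv)
    findings = []
    if not aligned(from_dom, rp_dom):
        findings.append(f"Return-Path domain {rp_dom or '(none)'} differs from From domain {from_dom}")
    if results.get("dmarc") != "pass":
        findings.append(f"dmarc={results.get('dmarc', 'missing')} for From domain {from_dom}")
    return findings

if __name__ == "__main__":
    for line in assess(SAMPLE, "mx.client.example"):
        print(line)
```

In the sample, SPF passes because it is evaluated against the Return-Path domain, not the From address the recipient sees; the DMARC result is what ties the check back to the visible From domain. A Return-Path mismatch on its own also occurs in legitimate mail sent through third-party services, so it is a signal to weigh together with the DMARC verdict.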