Backscatter Spam Issue Prevention and Email Spoofing Protection
Hi everyone,
Recently, we have been experiencing a high volume of email spoofing and backscatter spam. Some attackers have been spoofing our email addresses to send messages to non-existent recipients, causing a flood of delivery failure notifications in our users' inboxes. This has led to significant frustration among our users.
To mitigate this, we have already set our SPF record to "-all" and configured our DMARC policy to "p=reject." However, these measures have not been fully effective.
We are looking for systematic solutions to further prevent these spam emails from reaching our users. Specifically, we would like to know if there are any effective options available through the cPanel Management Portal or other best practices we can implement.
Any recommendations or guidance would be greatly appreciated.
Thanks!
-
Hi,
Although it's impossible to fully prevent spoofing and backscatter mail, there are some settings you can enable to help mitigate the effects. I will include a list below:
- Enable DKIM validation/Reject invalid DKIM signatures (WHM > Exim Configuration > ACL Options)
- Enable Greylisting (WHM > Greylisting)
- Set the Initial default/catch-all forwarder destination to Fail (WHM > Tweak Settings)
- Sender Verification (not callouts, just verification which can be enabled via WHM > Exim Configuration Manager)
- Enable SpamAssassin for SPF checks (cPanel > Spam Filters)
Since you've indicated the attackers are spoofing email addresses at your domain, it could be worth checking your server just to ensure there aren't any PHP scripts sending spam emails. We have a script below which can be useful for this:
Using cPanel's Mail Status Probe (MSP) script to diagnose spam related issues
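The question above relies on an SPF record ending in "-all" and a DMARC policy of "p=reject". The following check is an added example, not part of the original thread or of cPanel's tooling; it audits record strings for settings that quietly weaken those two policies. The function names and the example.com records are constructed for illustration.

```python
# Added example: audit SPF and DMARC TXT strings for enforcement gaps.
# All records used here are constructed samples for example.com, not real DNS data.

def parse_tags(record):
    """Split a DMARC record ('v=DMARC1; p=reject; ...') into a tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_spf(record):
    """Return findings for an SPF record; an empty list means hard fail is in effect."""
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record (must start with v=spf1)"]
    all_terms = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not all_terms:
        if any(t.startswith("redirect=") for t in terms):
            return ["uses redirect=; audit the target record as well"]
        return ["no 'all' mechanism; unmatched senders get a neutral result"]
    if all_terms[0] != "-all":
        return [f"'{all_terms[0]}' is not a hard fail; use -all"]
    return []

def audit_dmarc(record):
    """Return findings for a DMARC record; an empty list means full reject."""
    tags = parse_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["not a DMARC record (must start with v=DMARC1)"]
    findings = []
    policy = tags.get("p", "none").lower()  # assumption: a missing p= is treated as none
    if policy != "reject":
        findings.append(f"p={policy}: spoofed mail is not rejected")
    sub = tags.get("sp", policy).lower()  # sp= defaults to the value of p=
    if sub != "reject":
        findings.append(f"sp={sub}: subdomains are not covered by reject")
    pct = tags.get("pct", "100")
    if pct != "100":
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
    return findings

if __name__ == "__main__":
    print(audit_spf("v=spf1 mx ip4:192.0.2.10 ~all"))
    print(audit_dmarc("v=DMARC1; p=reject; sp=none; pct=50"))
```

To audit live records, pass in the TXT values published at the domain and at its `_dmarc` subdomain.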