Someone is using my user's domain outside of the server for sending email
Hello,
I am facing a problem with one of my users: someone is using their official domain to send email from outside the server.
For example, my user's email is user@domain.com, and the spammer also sends him email as user@domain.com. When I look at the message header, there is a spam server IP and a spam domain behind the mail. Is there any way to block it? Recently the spammer sent email from finance@domain.com, which does not even exist in my user's account at all, but he is sending email like that. I would really appreciate it if anybody who has experienced such a thing could tell me the solution.
-
Hey there! Unfortunately there isn't a way to completely stop this from happening:
https://support.cpanel.net/hc/en-us/articles/4403847219991-Can-Spoofed-Email-be-completely-avoided
I would work through the tools we've mentioned here:
https://docs.cpanel.net/cpanel/email/email-deliverability-in-cpanel/
to ensure your mail system is as secure as it can be.
0 -
You do want to make sure that the domain for user@domain.com has proper SPF, DKIM and DMARC set up -- with the DMARC record likely having at least a p=quarantine to tell other mail systems to quarantine.
However if user@domain.com is receiving falsified / spam emails FROM user@domain.com, then the local server is allowing that. You have options, but they aren't always pleasant options.
1. You should use some reputable DNSBL/RBLs to block mail outright from known spam sources. Here in the US I use b.barracudacentral.org and zen.spamhaus.org to block a lot of illegitimate email traffic. Depending upon where you are in the world, those may not be the most effective options.
2. WHM --> Exim Configuration Editor --> ACL Options
   a. Allow DKIM verification for incoming messages
   b. Reject DKIM failures
The caveat with 2 (and specifically 2b) is that you will likely have companies/people sending emails to your users that are legitimate but fail DKIM for some reason. If you have the server reject those messages, your clients might whine and complain to you and threaten to leave because you blocked a legitimate email.
3. SpamAssassin
Modify SpamAssassin rule scores having to do with failed SPF, DKIM and DMARC so that those emails are sure to be tagged as Spam by SpamAssassin.
And if you do this all via SpamAssassin by assigning high scores, you could use:
WHM --> Exim Configurator --> ACL Options
Apache SpamAssassin™ reject spam score threshold [?] (set a score where it will be REJECTED)
0
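The check the thread is circling, as an added example that is not from either poster or from cPanel: flag inbound mail whose From: claims a local domain unless the receiving server itself recorded an SPF or DKIM pass aligned with that domain. It assumes the receiving MTA stamps an `Authentication-Results` header with its own authserv-id (`mx.example.net` here is a placeholder), and the function names and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def aligned_pass(msg, from_domain, authserv_id):
    """True if our own MTA recorded a DMARC pass, or an SPF/DKIM pass whose
    domain matches the From: domain exactly (strict alignment)."""
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip().lower() for p in " ".join(value.split()).split(";")]
        if parts[0].split()[:1] != [authserv_id]:
            continue  # not stamped by our server, so the sender could have forged it
        for part in parts[1:]:
            m = re.match(r"(spf|dkim|dmarc)=(\w+)", part)
            if not m or m.group(2) != "pass":
                continue
            if m.group(1) == "dmarc":
                return True
            prop = "smtp.mailfrom" if m.group(1) == "spf" else "header.d"
            found = re.search(re.escape(prop) + r"=(\S+)", part)
            if found and found.group(1).rpartition("@")[2] == from_domain:
                return True
    return False

def is_local_spoof(raw, local_domains, authserv_id):
    """Flag mail whose From: claims one of our domains without aligned auth."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_domain not in local_domains:
        return False
    return not aligned_pass(msg, from_domain, authserv_id)

def sample(auth_headers):
    """Constructed test message; every host name and address is a placeholder."""
    return (auth_headers + "From: Finance <finance@domain.com>\n"
            "To: user@domain.com\nSubject: Invoice\n\nbody\n")

LOCAL, MX = {"domain.com"}, "mx.example.net"
SPAM_DOMAIN = sample("Authentication-Results: mx.example.net;\n"
                     " spf=pass smtp.mailfrom=bulk.example.org; dkim=none\n")
FORGED_STAMP = sample("Authentication-Results: mx.example.net; spf=fail\n"
                      " smtp.mailfrom=bulk.example.org; dmarc=fail\n"
                      "Authentication-Results: evil.example.org; dmarc=pass\n")
GENUINE = sample("Authentication-Results: mx.example.net;\n"
                 " spf=pass smtp.mailfrom=user@domain.com;\n"
                 " dkim=pass header.d=domain.com\n")

if __name__ == "__main__":
    for name, raw in [("spam domain", SPAM_DOMAIN), ("forged stamp", FORGED_STAMP),
                      ("genuine", GENUINE)]:
        print(name, "->", "SPOOF" if is_local_spoof(raw, LOCAL, MX) else "ok")
```

The first sample is the case from the question: SPF passes, but only for the spammer's own envelope domain, so the pass does not cover the From: address the user sees.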