Bounced email, even though I didn't send it.

Discussion in 'E-mail Discussions' started by keat63, Jan 23, 2015.

  1. keat63

    I found a number of bounced emails today on my personal domain.
    I've not sent these; none of the names are valid email accounts.
    VALDO_PC is not a recognised computer.
    I don't recognise the IP either, which incidentally appears to be from Mexico, 5500 miles away.

    They are obviously spoofing my domain name and using it as the return and unsubscribe address.

    Firstly, is there anything I can do to stop these, even though I'm pretty confident that they haven't originated from my server?
    And could these harm the reputation of the domain?

    (HTML content has been removed)


    Code:
    Received: from BY2PR01CA0043.prod.domain.com (10.255.242.33) by
     BN1PR01MB246.prod.domain.com (10.242.213.15) with Microsoft SMTP Server
     (TLS) id 15.1.59.20; Tue, 20 Jan 2015 01:25:15 +0000
    Received: from BN1AFFO11FD022.protection.gbl (2a01:111:f400:7c10::137) by
     BY2PR01CA0043.outlook.domain.com (2a01:111:e400:2c76::33) with Microsoft
     SMTP Server (TLS) id 15.1.59.20 via Frontend Transport; Tue, 20 Jan 2015
     01:25:14 +0000
    Received: from VALDO-PC (201.166.200.121) by
     BN1AFFO11FD022.mail.protection.outlook.com (10.58.52.82) with Microsoft SMTP
     Server id 15.1.75.11 via Frontend Transport; Tue, 20 Jan 2015 01:25:12 +0000
    From: Karina <yvette.someuser@mydomain.co.uk>
    To: <yvette.someuser@domain.com>
    Subject: Hi, my dear friend!
    Date: Mon, 19 Jan 2015 19:25:12 -0500
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    	boundary="MIMEBoundarya3ec53c3028505419fa43e2dde0eace7"
    List-Unsubscribe: <mailto:leave-634821292b431c923c7f9a8316d8bab3@mydomain.co.uk>
    Reply-To: <yvette.someuser@mydomain.co.uk>
    Message-ID: <D95DB-77020983-95436019-2015.01.19-19.25.12-yvette.someuser#domain.com@VALDO-PC>
    Return-Path: yvette.someuser@mydomain.co.uk
    X-EOPAttributedMessage: 0
    Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
     mydomain.co.uk discourages use of 201.166.200.121 as permitted sender)
    Authentication-Results: spf=softfail (sender IP is 201.166.200.121)
     smtp.mailfrom=yvette.schmitterymcx@mydomain.co.uk; domain.com; dkim=none
     (message not signed) header.d=none;domain.com; dmarc=permerror action=none
     header.from=mydomain.co.uk;
    X-Forefront-Antispam-Report: CIP:201.166.200.121;CTRY:MX;IPV:NLI;EFV:NLI;
    X-DmarcAction-Test: None
    X-Microsoft-Antispam: UriScan:;
    X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(3005004);SRVR:BN1PR01MB246;
    
    
    
    --MIMEBoundarya3ec53c3028505419fa43e2dde0eace7
    Content-Type: text/plain; charset="iso-8859-1"
    Content-Transfer-Encoding: binary
    
    -MIMEBoundarya3ec53c3028505419fa43e2dde0eace7--
     
    #1 keat63, Jan 23, 2015
    Last edited: Jan 23, 2015
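
An added example, not part of the original post: one way to confirm from a bounce's headers that the message never touched your own server, by reading the earliest `Received` hop and the receiver's `Authentication-Results`. The function name `triage`, the parameter `my_server_ips` and the address 192.0.2.10 are assumptions for illustration.

```python
import re
from email import message_from_string

# Constructed sample: a trimmed copy of the headers quoted in the first post.
SAMPLE = """\
Received: from BN1AFFO11FD022.protection.gbl (2a01:111:f400:7c10::137) by
 BY2PR01CA0043.outlook.domain.com (2a01:111:e400:2c76::33) with Microsoft
 SMTP Server (TLS) id 15.1.59.20 via Frontend Transport; Tue, 20 Jan 2015
 01:25:14 +0000
Received: from VALDO-PC (201.166.200.121) by
 BN1AFFO11FD022.mail.protection.outlook.com (10.58.52.82) with Microsoft SMTP
 Server id 15.1.75.11 via Frontend Transport; Tue, 20 Jan 2015 01:25:12 +0000
From: Karina <yvette.someuser@mydomain.co.uk>
Return-Path: yvette.someuser@mydomain.co.uk
Authentication-Results: spf=softfail (sender IP is 201.166.200.121)
 smtp.mailfrom=yvette.schmitterymcx@mydomain.co.uk; domain.com; dkim=none
 (message not signed) header.d=none;domain.com; dmarc=permerror action=none
 header.from=mydomain.co.uk;

"""

def unfold(value):
    """Collapse folded header continuation lines into one line."""
    return " ".join((value or "").split())

def triage(raw, my_server_ips):
    msg = message_from_string(raw)
    hops = [unfold(h) for h in msg.get_all("Received", [])]
    # Each relay prepends its Received line, so the last one is the earliest hop.
    # Here that hop was written by the recipient's own edge, so its IP is reliable.
    first = re.search(r"from (\S+) \(([0-9a-fA-F.:]+)\)", hops[-1]) if hops else None
    auth = unfold(msg.get("Authentication-Results"))
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    seen = re.search(r"sender IP is ([0-9a-fA-F.:]+)", auth)
    origin_ip = first.group(2) if first else None
    return {
        "helo": first.group(1) if first else None,
        "origin_ip": origin_ip,
        "ip_matches_auth_results": bool(seen) and seen.group(1) == origin_ip,
        "spf": verdicts.get("spf"), "dkim": verdicts.get("dkim"),
        "dmarc": verdicts.get("dmarc"),
        "from_my_server": origin_ip in my_server_ips,
    }

if __name__ == "__main__":
    print(triage(SAMPLE, {"192.0.2.10"}))  # 192.0.2.10: placeholder server IP
```
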
  2. keat63

    I've done a little digging, and it appears that these are SPF soft fail rejects.
    Changing "~all" to "-all" in my SPF record will turn these to hard fails, which will then be dropped rather than bounced.
    Is this correct, and are there any implications if I change this?
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member
    Hello :)

    The consensus is to avoid hard fails on SPF records since it breaks email forwarding unless the forwarding server uses SRS.

    The "~all" entry is generally preferred since it gets messages from non-standard senders bumped up in spam detection systems, but doesn't outright fail them.

    Thank you.
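
An added example, not part of the reply above: a simplified SPF evaluator (only `ip4`/`ip6` and `all`, no DNS lookups, so not a full RFC 7208 implementation) showing how `~all` and `-all` treat the spoofed sender, a plain forwarder, and a forwarder that uses SRS. The addresses 192.0.2.10 and 198.51.100.25 and the domain `forwarder.example` are constructed placeholders.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, client_ip):
    """Evaluate a simplified SPF record (ip4/ip6 and all only), left to right."""
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith(("ip4:", "ip6:")):
            if ip in ipaddress.ip_network(mech[4:], strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched

# Constructed values: 192.0.2.10 stands in for the domain's own mail server,
# 198.51.100.25 for a third-party forwarder; 201.166.200.121 is the IP in the bounce.
def scenarios(all_term):
    records = {
        "mydomain.co.uk": f"v=spf1 ip4:192.0.2.10 {all_term}",
        "forwarder.example": "v=spf1 ip4:198.51.100.25 -all",
    }
    # (envelope-sender domain, connecting IP) as seen by the final receiver
    cases = {
        "direct": ("mydomain.co.uk", "192.0.2.10"),
        "spoofed": ("mydomain.co.uk", "201.166.200.121"),
        # Plain forwarding keeps the original envelope sender...
        "forwarded": ("mydomain.co.uk", "198.51.100.25"),
        # ...while SRS rewrites it into the forwarder's own domain.
        "forwarded_srs": ("forwarder.example", "198.51.100.25"),
    }
    return {name: check_spf(records[dom], ip) for name, (dom, ip) in cases.items()}

if __name__ == "__main__":
    for term in ("~all", "-all"):
        print(term, scenarios(term))
```

The forwarded case gets the same verdict as the spoofed one under either setting, which is why a hard fail also hits legitimate mail relayed by forwarders that do not rewrite the envelope sender.
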
     
  4. keat63

    I have run it for a few days with "-all" and those bounce messages have stopped.
    If I enable "~all", can you suggest a way to drop those bounced messages?
    I don't want the housekeeping involved with having to delete them.
     
  5. cPanelMichael