DC wants to null route my server IP because of Spoofing

Wabun

Well-Known Member
Oct 6, 2012
92
5
58
Antwerpen
cPanel Access Level
Root Administrator
Hi,
Sadly one customer stopped using O365 but forgot to modify all DNS records in his domain name and in particular the SPF record. As a result we got warning from spamcop and a threatening email from the DC to nullify our server IP with as net result all other customers will also be effected. Not to talk about the stress and feeling hopeless, will nullify actually stop a spammer who spoofing this domain name in his spam emails in his tracks and why or how does this works?
Any help much appreciated.
 
Last edited:

cPanelAnthony

Administrator
Staff member
Oct 18, 2021
1,045
112
118
Houston, TX
cPanel Access Level
Root Administrator
Hello! Nullifying the IP would likely stop all email functionality, but I can't be certain. What did your Webhosting provider tell you that "nullifying" the IP would entail? Their definition of nullifying an IP might be different than others. Did they provide you with any other options for email? Also, is this a shared hosting environment?

Thanks!
 

Wabun

Well-Known Member
Oct 6, 2012
92
5
58
Antwerpen
cPanel Access Level
Root Administrator
Hiya, well my concern was if the server IP [yes, shared hosting indeed] was nullified, would that really stop spammers making use of the wrongly configured SPF record for that one domain? Would it 100% stop the spamming? Regards your question about options, no they did not provide any other option and from gxxgle around I understand it would mean all websites and email and all other services would be unreachable for outside world, hence I put question here to find out if that null routing would really stop spammers around the globe to misuse it.
 

cPanelAnthony

Administrator
Staff member
Oct 18, 2021
1,045
112
118
Houston, TX
cPanel Access Level
Root Administrator
Hello! If the IP was nullified, I believe that would prevent spamming. Without an IP address to route through, the SPF record can't ultimately resolve since the referenced IP address be useable.

However, it sounds like there may be a compromised email account or another issue happening here. Would your hosting provider be able to open a ticket with cPanel directly so we can investigate?
 

Wabun

Well-Known Member
Oct 6, 2012
92
5
58
Antwerpen
cPanel Access Level
Root Administrator
Hi, so it would render the spammer spoofing useless?
I have the SPF and other records changed asap to reflect the new situation of no longer O365. so the issue is sorted.
DC has confirmed the case is closed, but it feels a bit awkward that my business can cut short like that.