The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

deleting old email forwarders doesn't stop spam

Discussion in 'E-mail Discussions' started by JohnnyBob, Nov 11, 2012.

  1. JohnnyBob

    JohnnyBob Active Member

    Joined:
    Oct 13, 2006
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    I keep a large number of email forwarders and have deleted some of the older ones a long time ago. However emails are still being sent to those old addresses by spammers. They are received and stored by my domain host, or discarded with an undeliverable notice to sender, depending on the cpanel setting. The cpanel setting is not too obvious. It is found at the bottom of the forwarder screen as a link where it says: If you wish to set your default address, or "catch-all," please click here to be taken to the Default Address page. The link is to the following cpanel screen:
    Code:
    Set Default Address
    
    The default email address will "catch" any mail that is sent to an invalid email address for
    your domain. To send all default mail to the main mail account, type the username of your
    cPanel account into the "Forward to email address" field.
    
    Default Address Maintenance
    Send all unrouted email for:
    Current Setting: :fail: No such person at this address
    
    Discard with error to sender (at SMTP time)
    
        Failure Message (seen by sender): 
    
    Forward to email address
    
        Forward to email address:
    
    Advanced Options »
    
    Normally I use the "Current Setting: :fail: No such person at this address" setting, so incoming mail to my domain for which there is no current forwarder is bounced back to sender with an undeliverable message. However that does not stop the spammers from sending to those old forwarder addresses, which is easy to determine by temporarily changing to setting to allow all messages to come through. In a 2 month period I received over 1,000 spam messages in that fashion sent to old outdated deleted email forwarders.

    My question is: Is there any way to really totally kill those old forwarder addresses so that nobody can ever send email to them again? I suppose that might involve some kind of technical manipulations of the email forwarders, Mx entries or whatever they're called(?), which is beyond my understanding.

    Thanks.
     
    #1 JohnnyBob, Nov 11, 2012
    Last edited: Nov 11, 2012
  2. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,279
    Likes Received:
    36
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    No, you can never stop someone from trying to send to an address. The best you can do is make the address nonexistent and disable any catchall. Seriously though, who cares if they attempt to send to a nonexistent address as long as it is rejected during SMTP time? Even if they were sending many messages a second to that nonexistent address, it wouldn't be an appreciable load on the server since it's rejecting during SMTP and not scanning any of those messages prior to rejection. And, if they were sending many messages a second to the nonexistent address and you had rate-limiting turned on, that's even better.

    M
     
  3. JohnnyBob

    JohnnyBob Active Member

    Joined:
    Oct 13, 2006
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    Thanks for the info.

    Obviously some spammers don't check to see what is undeliverable and remove those addresses from their lists. If there were some way to totally kill all those non-existent addresses, that would remove a burden on the email system (servers). Otherwise, I don't care.

    You say "...if they were sending many messages a second to the nonexistent address and you had rate-limiting turned on, that's even better."

    I am not familiar with "rate limiting". How would I turn it on, and are there any other consequences?

    I do not like to activate spam shields in general because I lose too many legitimate emails that way. The forwarder method has worked very well for me over the years because all addresses are easily disposable and changable. If I use a unique email forwarder address for each person, then I know exactly where each spam leak originated. It is a bit tedious but I generally use that method. It's very rare that I receive a spam message now, no more than 1 per month on average.
     
  4. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,279
    Likes Received:
    36
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    If you aren't the server administrator [root], there isn't much you can do with regard to setting rate limiting or manipulating any other antispam measures. If you do have root [WHM] access then you can go into the Exim Configuration Editor and enable rate limiting and do a lot of other things to help alleviate spam. If you have root access, the use of reputable DNS blacklists and rejection of messages who are HELOing in ways they shouldn't [all adjustable via Exim Configuration Editor in WHM] as well as rate-limiting hosts really does a lot to nail a ton of the spam.

    Of course, if you don't like to activate spam shields because you lose too many legitimate emails, then either you aren't in the US [which I realize is quite possible] or somebody doesn't have something configured right. Antispam measures on cPanel are better than any built into any other web hosting platform, and if tuned right can really do a nice job curbing spam. Of course, nothing can beat a standalone dedicated box (like a Barracuda) or external spam filtering (MessageLabs, Postini, etc.).

    Your method of using forwarders can be effective. I never bother to do that, but if I were to create a new email account somewhere in the future I'd probably consider doing that.

    M

     
Loading...

Share This Page