Email account is receiving lots of spam bounces

pedgarc

Hello there,

Actually an email account is receiving bounces like this: Mail delivery failed: returning message to sender.

When I see the headers, the bounce is because it is sending spam, but when I search Mail Delivery Reports and exim_mainlog/maillog, the e-mail log is not there!

Also, the header looks like this:

Mail delivery failed: returning message to sender
From Mail Delivery System on 2021-08-31 21:47
From Mail Delivery System
To [email protected]
Action: failed
Final-Recipient: rfc822;[email protected]_domain.com
Status: 5.0.0
Return-path: <[email protected]>
Received: from [195.33.210.155] (port=45960 helo=dnztech.net)
by nd6.rackslot.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <[email protected]>)
id 1mL21b-0007Qg-QE
for [email protected]_domain.com; Tue, 31 Aug 2021 06:33:57 -0500
Received: from webmail.paksaglik.com (localhost [IPv6:::1])
by dnztech.net (Postfix) with ESMTPSA id D8A34408FB7E;
Tue, 31 Aug 2021 12:26:08 +0300 (+03)
Authentication-Results: dnztech.net;
spf=pass (sender IP is ::1) smtp.mailfrom=[email protected] smtp.helo=webmail.paksaglik.com
Received-SPF: pass (dnztech.net: connection is authenticated)
MIME-Version: 1.0
Date: Tue, 31 Aug 2021 10:26:08 +0100
From: John Doe <[email protected]>

I don't know why the e-mail was sent from webmail.paksaglik.com with the envelope-from of my customer's email account ([email protected]). Any idea how to stop this?

Thanks in advance, and sorry for my bad English.
 

cPRex

Hey there! It sounds like your email address was spoofed to send fake messages, and you are receiving the bounceback of those messages. There isn't a 100% guaranteed way to stop this behavior, as spammers often make up addresses at random, but I would recommend ensuring that you have SPF and DKIM records in place. This will ensure that legitimate email you do send is marked as valid, and should eventually help the spammers' fake messages get blocked.

Details on how to check the mail deliverability settings can be found here: Email Deliverability in cPanel | cPanel & WHM Documentation
 
Reactions: pedgarc
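
An added example, not part of the thread or of cPanel's tooling: a small triage script that reads the Received chain of the original message quoted in a bounce and reports whether your own server ever handled it, which is why a spoofed message leaves no trace in exim_mainlog. The sample headers are constructed, and the `own_hosts` parameter and all host names are assumptions for illustration.

```python
import re
from email import message_from_string

# Constructed sample: headers of the original message as quoted inside a bounce.
# Every host and address below is made up for this example.
SAMPLE_HEADERS = """\
Return-path: <user@customer.example>
Received: from [203.0.113.7] (port=45960 helo=relay.example.net)
 by mx.recipient.example with esmtps (TLS1.2)
 (envelope-from <user@customer.example>)
 for someone@recipient.example; Tue, 31 Aug 2021 06:33:57 -0500
Received: from webmail.other.example (localhost [IPv6:::1])
 by relay.example.net (Postfix) with ESMTPSA id ABCDEF012345;
 Tue, 31 Aug 2021 12:26:08 +0300
From: John Doe <user@customer.example>

"""

# "from <host> ... by <host> [... with <protocol>]" inside one Received value
HOP_RE = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+)(?:.*?\bwith\s+(\S+))?", re.S | re.I)

def trace_hops(raw_headers):
    """Return [(from_host, by_host, protocol)], origin hop first."""
    hops = []
    for value in message_from_string(raw_headers).get_all("Received", []):
        m = HOP_RE.search(value)
        if m:
            hops.append((m.group(1), m.group(2).rstrip(";").lower(),
                         (m.group(3) or "").lower()))
    return hops[::-1]  # each server prepends its header, so the last is the origin

def classify(raw_headers, own_hosts):
    """own_hosts: names your server writes after "by" (assumed known to you)."""
    own = {h.lower() for h in own_hosts}
    hops = trace_hops(raw_headers)
    if not hops:
        return {"verdict": "no-received-headers", "origin": None, "authenticated": False}
    origin = hops[0]
    if origin[1] in own:
        verdict = "submitted-through-own-server"   # expect a matching exim_mainlog entry
    elif any(h[1] in own for h in hops):
        verdict = "originated-elsewhere-then-reached-own-server"
    else:
        verdict = "never-handled-by-own-server"    # forged sender; nothing in local logs
    # esmtpa / esmtpsa mean the client authenticated to the origin host
    return {"verdict": verdict, "origin": origin[1],
            "authenticated": origin[2] in ("esmtpa", "esmtpsa")}

if __name__ == "__main__":
    print(classify(SAMPLE_HEADERS, ["mail.customer.example"]))
```

A verdict of `submitted-through-own-server` is the case that points at a compromised local account or script; the other two verdicts mean the message was injected on someone else's host.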

pedgarc

Hello there cPRex! First of all, thank you for your reply. I have configured SPF, DKIM and SPR records on cPanel; also, since yesterday I changed the ~all attribute to -all on SPF.

So, in this case we cannot do anything, right? I found a post about backscatter; is it a good idea to follow these steps?

Thanks!
 
