Email delivered to my default address, is this a problem on my server?

GoWilkes

Well-Known Member
Sep 26, 2006
703
34
178
cPanel Access Level
Root Administrator
I have the default emails for my main domain being forwarded to a Gmail account, so I can just keep up with any issues.

Today I found one that is obvious spam, but Gmail shows:

from: Fake <[email protected]> via mydomain.com
to: [email protected]
date: Jun 3, 2020, 10:09 PM
subject: Hi!
signed-by: mydomain.com
security: Standard encryption (TLS) Learn more


It has been too long for it to show up under Sent Relayers, but I see it under Mail Statistics Summary. There, I only see:

1 | mailbox.gr[178.33.249.125] | [email protected] | gmail-smtp-in.l.google.com[74.125.192.27] | [email protected]


(Those are real IPs... the first belongs to RIPE, the other belongs to Gmail. Neither belongs to my server.)

So there it seems like plain old spam, but the fact that Gmail shows "via mydomain.com" really throws me off.

What do you guys and gals think?
 

Handssler Lopez

Well-Known Member
Apr 30, 2019
90
34
18
Guatemala
cPanel Access Level
Root Administrator
The way cPanel displays it is correct.

The spam message is received at yourdomain.tld, and this spam message is forwarded from yourdomain.tld to [email protected]. This is the reason why, in my case, I do not recommend re-sending to accounts outside the domain or server: if you receive many emails, and some have a high spam score, the domain or server marked as a spammer will be yours.

To avoid inconvenience, add the account or the domain in general as a secure sender in Gmail.
 
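The forwarding path described in the reply above can be checked from the headers of the copy that reaches the external mailbox. This is an added example, not code from the thread or from cPanel; the host names, addresses and the `explain` and `entry_hop` helpers are assumptions, and it assumes the forwarding server adds a DKIM signature for its own domain, as the "signed-by" line in the first post suggests.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of a forwarded message; every host and address is a placeholder.
FORWARDED = (
    "Received: from server.mydomain.example ([192.0.2.10])\n"
    "\tby mx.receiver.example with ESMTPS; Wed, 03 Jun 2020 22:09:05 -0400\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=mydomain.example; s=default;\n"
    "\th=from:to:subject; bh=CONSTRUCTED; b=CONSTRUCTED\n"
    "Received: from mailbox.spam.example ([198.51.100.25])\n"
    "\tby server.mydomain.example with esmtp; Wed, 03 Jun 2020 22:09:03 -0400\n"
    "Received: from server.mydomain.example ([192.0.2.10])\n"  # sender-supplied hop
    "\tby mailbox.spam.example; Wed, 03 Jun 2020 22:09:01 -0400\n"
    "From: Fake <fake@spam.example>\nTo: someone@other.example\nSubject: Hi!\n\nbody\n"
)
# Constructed sample of mail that started on the server: same top headers, no inbound hop.
LOCAL = FORWARDED.split("Received: from mailbox", 1)[0] + (
    "From: Owner <owner@mydomain.example>\nTo: friend@other.example\nSubject: Hi\n\nbody\n"
)

HOP = re.compile(r"from\s+(\S+).*?\bby\s+([^\s;]+)", re.S | re.I)

def entry_hop(msg, our_host, receiver):
    """Walk Received headers newest-first and return the last hop we can trust."""
    expected, last = {receiver}, None
    for raw in msg.get_all("Received", []):
        m = HOP.search(raw)
        if not m or m.group(2).lower() not in expected:
            break  # everything from here down was written by the sending side
        last = (m.group(1).lower(), m.group(2).lower())
        expected = {our_host} if last[0] == our_host else set()
    return last

def explain(raw, our_host, receiver):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    dkim = [m.group(1).lower() for h in msg.get_all("DKIM-Signature", [])
            if (m := re.search(r"\bd=([^;\s]+)", h))]
    hop = entry_hop(msg, our_host, receiver)
    return {
        "from_domain": from_domain,
        "dkim_domains": dkim,
        "signed_by_other_domain": bool(dkim) and from_domain not in dkim,
        # Host our server accepted the message from, or None if it started locally.
        "relayed_from": hop[0] if hop and hop[1] == our_host else None,
    }
```

A non-empty `relayed_from` means the server accepted the message from outside and passed it on; `None` together with a matching From domain is the case that calls for checking the server's own outbound logs.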

GoWilkes

Hmm. I'll try.

I own the server, so I have access to both WHM and cPanel for the domains. At my main domain, I have set up a few email addresses, and any email that's sent to something other than those addresses goes to a Gmail that I set up to be a default. That Gmail mostly gets junk mail, but I check it every so often to make sure something good didn't go there.

When I checked it a few days ago, I saw the one email that was sent from a spam address and to some address I don't know; maybe it was BCCed to an address on my domain? I don't know. But the concern was that Gmail showed the headers with "via mydomain.com", and then "signed by: mydomain.com" (but of course it had my actual domain name, not literally "mydomain.com").

So I'm not sure if my server has a breach and it's actually sending out spam? If not, I don't understand how the Gmail headers have my domain name in them.
 

GoWilkes

Oops, sorry Handssler, I was replying to @keat63 while you were replying :)

I understand what you're saying, that makes sense. I didn't think about my domain being considered a spammer because of that! I guess I need to come up with a better alternative...
 

SamuelM

Technical Analyst Team Lead
Nov 20, 2019
196
41
103
USA
cPanel Access Level
Root Administrator
Hello @GoWilkes

One alternative to forwarding mail to Gmail is to simply use Gmail's POP3 functionality to add the email account that was created on your cPanel server to your Gmail account. You can find instructions for doing this on the following page:

https://support.google.com/mail/answer/6078445

Please let us know if you have any questions.