Email issues; Spam being sent from my domain, but email address does not exist

malloc

Member
Nov 29, 2012
11
0
1
cPanel Access Level
Website Owner
Hi

I have a little problem here. I received two emails with a virus attached to them. However, when looking at the sends email address, it is from my own domain, being sent to my real email address. For example,

The domain is anondomain.com
My real email address is [email protected]

I received an email to [email protected], from

[mailto:[email protected]]

with a virus attached to it. I have SPF records enabled, and smtp restrictions. What could be the cause of this?
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
Hello :)

Are you able to view the full message header to see more details about the server the message originated from? While having a SPF record is helpful, you have to enable the following option in "WHM Home » Service Configuration » Exim Configuration Manager" under the "ACL Options" tab to reject mail from senders that fail a SPF check:

"Reject SPF failures"

This will reject mail at SMTP time if the sender fails SPF checks.

Thank you.
 

malloc

Member
Nov 29, 2012
11
0
1
cPanel Access Level
Website Owner
Great, thanks! I went in there and noticed that you are right, the "reject spf failures" was not check marked. The primary concern though was, that this email looked as if it were send by my own domain, an email address that didn't really exist, and it actually went out (although to myself). So it makes me wonder if emails are going out in my name, and also how I can stop that from happening

Also, unfortunately I do not have the message full headers of the email
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
SPF records do not stop actual attempts to spoof your email address. It's simply a verification method that mail servers can use to determine if a message is from a legitimate IP address. If a mail server does not use SPF checking, then it's possible a spammer could spoof your email address. This is a common practice. You will need to review the actual message headers to get a better idea of where the email originated from.

Thank you.