The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Email issues; Spam being sent from my domain, but email address does not exist

Discussion in 'E-mail Discussions' started by malloc, Jun 5, 2013.

  1. malloc

    malloc Member

    Joined:
    Nov 29, 2012
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hi

    I have a little problem here. I received two emails with a virus attached to them. However, when looking at the sends email address, it is from my own domain, being sent to my real email address. For example,

    The domain is anondomain.com
    My real email address is doe@anondomain.com

    I received an email to doe@anondomain.com, from

    [mailto:Xerox.Device0@anondomain.com]

    with a virus attached to it. I have SPF records enabled, and smtp restrictions. What could be the cause of this?
     
    #1 malloc, Jun 5, 2013
    Last edited: Jun 5, 2013
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,674
    Likes Received:
    646
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Are you able to view the full message header to see more details about the server the message originated from? While having a SPF record is helpful, you have to enable the following option in "WHM Home » Service Configuration » Exim Configuration Manager" under the "ACL Options" tab to reject mail from senders that fail a SPF check:

    "Reject SPF failures"

    This will reject mail at SMTP time if the sender fails SPF checks.

    Thank you.
     
  3. malloc

    malloc Member

    Joined:
    Nov 29, 2012
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Great, thanks! I went in there and noticed that you are right, the "reject spf failures" was not check marked. The primary concern though was, that this email looked as if it were send by my own domain, an email address that didn't really exist, and it actually went out (although to myself). So it makes me wonder if emails are going out in my name, and also how I can stop that from happening

    Also, unfortunately I do not have the message full headers of the email
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,674
    Likes Received:
    646
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    SPF records do not stop actual attempts to spoof your email address. It's simply a verification method that mail servers can use to determine if a message is from a legitimate IP address. If a mail server does not use SPF checking, then it's possible a spammer could spoof your email address. This is a common practice. You will need to review the actual message headers to get a better idea of where the email originated from.

    Thank you.
     
Loading...

Share This Page