Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Email issues; Spam being sent from my domain, but email address does not exist

Discussion in 'E-mail Discussion' started by malloc, Jun 5, 2013.

  1. malloc

    malloc Member

    Joined:
    Nov 29, 2012
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hi

    I have a little problem here. I received two emails with a virus attached to them. However, when looking at the sends email address, it is from my own domain, being sent to my real email address. For example,

    The domain is anondomain.com
    My real email address is doe@anondomain.com

    I received an email to doe@anondomain.com, from

    [mailto:Xerox.Device0@anondomain.com]

    with a virus attached to it. I have SPF records enabled, and smtp restrictions. What could be the cause of this?
     
    #1 malloc, Jun 5, 2013
    Last edited: Jun 5, 2013
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,423
    Likes Received:
    1,960
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    Are you able to view the full message header to see more details about the server the message originated from? While having a SPF record is helpful, you have to enable the following option in "WHM Home » Service Configuration » Exim Configuration Manager" under the "ACL Options" tab to reject mail from senders that fail a SPF check:

    "Reject SPF failures"

    This will reject mail at SMTP time if the sender fails SPF checks.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. malloc

    malloc Member

    Joined:
    Nov 29, 2012
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Great, thanks! I went in there and noticed that you are right, the "reject spf failures" was not check marked. The primary concern though was, that this email looked as if it were send by my own domain, an email address that didn't really exist, and it actually went out (although to myself). So it makes me wonder if emails are going out in my name, and also how I can stop that from happening

    Also, unfortunately I do not have the message full headers of the email
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,423
    Likes Received:
    1,960
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    SPF records do not stop actual attempts to spoof your email address. It's simply a verification method that mail servers can use to determine if a message is from a legitimate IP address. If a mail server does not use SPF checking, then it's possible a spammer could spoof your email address. This is a common practice. You will need to review the actual message headers to get a better idea of where the email originated from.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice