The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spoofed emails

Discussion in 'E-mail Discussions' started by GoWilkes, May 23, 2011.

  1. GoWilkes

    GoWilkes Well-Known Member

    Joined:
    Sep 26, 2006
    Messages:
    367
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I'm getting a ton of returned emails, where my address is obviously being spoofed. I'm concerned, though, about the last line in this header:

    Content-Type: multipart/mixed; boundary="----------10D10B6C192055DB"
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - gator325.hostgator.com
    X-AntiAbuse: Original Domain - eurotherm.it
    X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
    X-AntiAbuse: Sender Address Domain - example.com

    Where example.com is my domain.

    Is this any reason for concern, or is it just grabbing the domain name of the reply email?

    TIA,

    Jason
     
  2. ckh

    ckh Well-Known Member

    Joined:
    Dec 6, 2003
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Phoenix, AZ
    cPanel Access Level:
    DataCenter Provider
    Not much you or anyone else can do about spoofing. The Sender address domain, is simply the domain name in the email address. It shows that the originating domain to be eurotherm.it, so I wouldn't worry about it.
     
  3. astopy

    astopy Well-Known Member

    Joined:
    Apr 3, 2003
    Messages:
    165
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Turning on SPF might help, but there's not really anything you can to to prevent it entirely.

    The Sender Address Domain header, as far as I know, is just the domain which was specified by the sender in the MAIL FROM command (i.e. easily faked, but it's added to the email headers since it can be different to the user-visible From header).
     
Loading...

Share This Page