Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Stop spoofing own URL

Discussion in 'E-mail Discussions' started by keat63, Feb 21, 2018.

  1. keat63

    keat63 Well-Known Member

    Nov 20, 2014
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    We don't utilise DKIM as we find it can block legitimate email.

    Today, I picked up on a spoof from, who doesn't exist, and I guess my staff would also pickup knowing that we don't have anyone here called Zac.
    The headers would indicate it came from elsewhere, but my staff wouldn't know how to find the headers.

    This got me thinking though, can any filters or checks be put in place (other than DKIM) that would check the existance of the account before accepting the mail.

    ie, doesn't exist, so couldn't possibly send an email.
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Apr 11, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator

    One option to consider is Sender Verification Callouts, found under the "Mail" tab in "WHM >> Exim Configuration Manager >> Basic Editor". Per it's description:

    Use callouts to verify the existence of email senders. Exim will connect to the mail exchanger for a given address to verify it exists before accepting mail from it.

    However, generally the better approach is to implement a technology such as like S/MIME or PGP to sign individual messages. It's not a feature offered in cPanel & WHM directly, and thus would require your email users to setup their email clients to use the technology. Once configured, the user's email client could indicate that a message was not signed (and thus is forged).

    Thank you.

Share This Page