Webmail Notification[Pending Delivery On Your e-Mail]

[Sasa1975]

I received this morning email, with the title "Pending Delivery On Your e-Mail". It comes from email [email protected], and with the text:
"
Dear aleksandar.jevremovic,

You have Three (3) Messages Pending Delivery On Your e-Mail Portal Since: 10 January, 2020.
This messages can be viewed by the subject of each message or proceed to Mail Update Now to Release Message on your e-Mail Account below.

User ID : aleksandar.jevremovic
Domain: domain.com "

They put a table with three emails that "pending", with realistic titles, as you can see below:

Pending: RE: Statement Of Account Notice	To: aleksandar.jevremovic	10-01-2020
Pending: Fw: Proforma Invoice / Contract	To: aleksandar.jevremovic	10-01-2020
Pending: RE: Swift copy Payment	To: aleksandar.jevremovic	10-01-2020

And OK, it's nothing extraordinary, this is kind of titles you can receive every day, and after two simply checks I found out it is a spam (it's simple to see where they want to redirect you), but for a people with less knowledge of basic things about mail security, this kind of mail can be a problem, because most of them will just check mail address from the sender (an example, I didn't know that your domain is finishing with net, and not with com), and continue with following the sender’s instructions.
So, because I'm also on the low level of security settings, what can we do to be more protected from this kind of threats?

 

[cPanelLauren]

cPanel owns both cpanel.com and cpanel.net - any messages such as this that appear to originate from cPanel are spoofed messages.

Are you using SpamAssassin? If you have SpamAssassin enabled it will automatically perform an SPF check that would cause these messages to score pretty high on a spam scan.

Furthermore, if you want to be more restricted you could enable sender verification and reject sender verification failures in WHM>>Service Configuration>>EximConfigurationManager.

 

[Sasa1975]

Hello,

I didn't know that you own also cpanel.com. But how it's possible that I receive a mail from your address? OK, I suppose it's a long answer and I can find it somewhere and read it, better then you loose your time with answering. More important is that I have enabled Apache SpamAssassin and my Spam Threshold Score is 5. Should I change that?
And for your advice and WHM, I'm not sure what is it and when can I find it....

 

[cPanelLauren]

But how it's possible that I receive a mail from your address?

Spoofing and header manipulation, unfortunately, it's a popular scheme right now.

More important is that I have enabled Apache SpamAssassin and my Spam Threshold Score is 5. Should I change that?

Honestly, I'd set the spam threshold score a little more conservatively. Typically I'll set it to flag as spam at 3 and then auto-delete at 5 but you should ensure that legitimate mail is not getting flagged as spam before you do this.

 

[Sasa1975]

Thank you for your answers. In a meantime, I received new one, you can see it belowe. I'll put at 3 also, so we'll see. Should I report this, or it's going automatic?

"SPAM Webmail Notification [unusual login activity]
Dear aleksandar.jevremovic,

We've recently received some notifications regarding your account: [email protected] , which may be due to recent changes to your email or incorrect attempts to sign in to your email account.

User ID : aleksandar.jevremovic
Domain: domain.com

We will ensure that we block your account if we do not hear from you. Please click on the link below to stop these attempts and return your account.
Proceed to Domain Portal domain.com to Update Now!



Sincerely
cPanel Web Admin (C) 2020 Secured Service.

domain.com • Web Admin • Redmond, WA 98052
You are receiving this one-time notification because you created [email protected] account."

 

[cPanelLauren]

If you're unaware of what cPanel Web Admin is then yes. This is a company unrelated to us.

 

[Sasa1975]

How can I be aware what is cPanel Web Admin? Nobody gave me instructions when I started to use your service.

But this I don't understand (OK, between a lot of things). You want to say (with this "This is a company unrelated to us") that I'm receiving SPAM mails from a company?
OK, whatever, I did what you wrote to me, and I hope this kind of mails will stop. Thank you for help.

 

[cPanelLauren]

How can I be aware what is cPanel Web Admin? Nobody gave me instructions when I started to use your service.

I wouldn't expect you to know what it is, if you're not utilizing it. I wouldn't have a way to know what you are and are not utilizing. I can say that this isn't something I've heard of previously nor is it something that's affiliated with cPanel & WHM.

But this I don't understand (OK, between a lot of things). You want to say (with this "This is a company unrelated to us") that I'm receiving SPAM mails from a company?
OK, whatever, I did what you wrote to me, and I hope this kind of mails will stop. Thank you for help.

Yes, if you're not familiar with this product, and it's not something you're using, I would say it is spam. It is not something that is provided by cPanel & WHM

 

[Sasa1975]

Thank you for your answers, but just one more question, to be sure that I did everything properly. I change Spam Threshold Score from 5 to 4, but I'm still receiving this spam mails, even I blocked sender. Is there anything more I should do, and is there any dangerous for my website or my emails?

 

[cPanelLauren]

If you've blocked the sender and you're still receiving mails from them I'd wager that something is misconfigured. As I noted previously, I typically set the spam flag threshold to 2-3 and the autodelete somewhere around 5