Webmail Notification[Pending Delivery On Your e-Mail]

Sasa1975

Member
Jan 13, 2020
5
0
1
Belgrade
cPanel Access Level
Website Owner
I received this morning email, with the title "Pending Delivery On Your e-Mail". It comes from email [email protected], and with the text:
"
Dear aleksandar.jevremovic,

You have Three (3) Messages Pending Delivery On Your e-Mail Portal Since: 10 January, 2020.
This messages can be viewed by the subject of each message or proceed to Mail Update Now to Release Message on your e-Mail Account below.

User ID : aleksandar.jevremovic
Domain: domain.com "

They put a table with three emails that "pending", with realistic titles, as you can see below:

Pending: RE: Statement Of Account NoticeTo: aleksandar.jevremovic10-01-2020
Pending: Fw: Proforma Invoice / ContractTo: aleksandar.jevremovic10-01-2020
Pending: RE: Swift copy PaymentTo: aleksandar.jevremovic10-01-2020

And OK, it's nothing extraordinary, this is kind of titles you can receive every day, and after two simply checks I found out it is a spam (it's simple to see where they want to redirect you), but for a people with less knowledge of basic things about mail security, this kind of mail can be a problem, because most of them will just check mail address from the sender (an example, I didn't know that your domain is finishing with net, and not with com), and continue with following the sender’s instructions.
So, because I'm also on the low level of security settings, what can we do to be more protected from this kind of threats?
 
Last edited by a moderator:

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
9,012
762
263
Houston
cPanel Access Level
DataCenter Provider
cPanel owns both cpanel.com and cpanel.net - any messages such as this that appear to originate from cPanel are spoofed messages.

Are you using SpamAssassin? If you have SpamAssassin enabled it will automatically perform an SPF check that would cause these messages to score pretty high on a spam scan.

Furthermore, if you want to be more restricted you could enable sender verification and reject sender verification failures in WHM>>Service Configuration>>EximConfigurationManager.
 

Sasa1975

Member
Jan 13, 2020
5
0
1
Belgrade
cPanel Access Level
Website Owner
Hello,

I didn't know that you own also cpanel.com. But how it's possible that I receive a mail from your address? OK, I suppose it's a long answer and I can find it somewhere and read it, better then you loose your time with answering. More important is that I have enabled Apache SpamAssassin and my Spam Threshold Score is 5. Should I change that?
And for your advice and WHM, I'm not sure what is it and when can I find it....
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
9,012
762
263
Houston
cPanel Access Level
DataCenter Provider
But how it's possible that I receive a mail from your address?
Spoofing and header manipulation, unfortunately, it's a popular scheme right now.


More important is that I have enabled Apache SpamAssassin and my Spam Threshold Score is 5. Should I change that?
Honestly, I'd set the spam threshold score a little more conservatively. Typically I'll set it to flag as spam at 3 and then auto-delete at 5 but you should ensure that legitimate mail is not getting flagged as spam before you do this.
 

Sasa1975

Member
Jan 13, 2020
5
0
1
Belgrade
cPanel Access Level
Website Owner
Thank you for your answers. In a meantime, I received new one, you can see it belowe. I'll put at 3 also, so we'll see. Should I report this, or it's going automatic?

"SPAM Webmail Notification [unusual login activity]
Dear aleksandar.jevremovic,

We've recently received some notifications regarding your account: [email protected] , which may be due to recent changes to your email or incorrect attempts to sign in to your email account.

User ID : aleksandar.jevremovic
Domain: domain.com

We will ensure that we block your account if we do not hear from you. Please click on the link below to stop these attempts and return your account.
Proceed to Domain Portal domain.com to Update Now!



Sincerely
cPanel Web Admin (C) 2020 Secured Service.

domain.com • Web Admin • Redmond, WA 98052
You are receiving this one-time notification because you created [email protected] account."
 
Last edited by a moderator:

Sasa1975

Member
Jan 13, 2020
5
0
1
Belgrade
cPanel Access Level
Website Owner
How can I be aware what is cPanel Web Admin? Nobody gave me instructions when I started to use your service.

But this I don't understand (OK, between a lot of things). You want to say (with this "This is a company unrelated to us") that I'm receiving SPAM mails from a company?
OK, whatever, I did what you wrote to me, and I hope this kind of mails will stop. Thank you for help.
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
9,012
762
263
Houston
cPanel Access Level
DataCenter Provider
How can I be aware what is cPanel Web Admin? Nobody gave me instructions when I started to use your service.
I wouldn't expect you to know what it is, if you're not utilizing it. I wouldn't have a way to know what you are and are not utilizing. I can say that this isn't something I've heard of previously nor is it something that's affiliated with cPanel & WHM.

But this I don't understand (OK, between a lot of things). You want to say (with this "This is a company unrelated to us") that I'm receiving SPAM mails from a company?
OK, whatever, I did what you wrote to me, and I hope this kind of mails will stop. Thank you for help.
Yes, if you're not familiar with this product, and it's not something you're using, I would say it is spam. It is not something that is provided by cPanel & WHM
 

Sasa1975

Member
Jan 13, 2020
5
0
1
Belgrade
cPanel Access Level
Website Owner
Thank you for your answers, but just one more question, to be sure that I did everything properly. I change Spam Threshold Score from 5 to 4, but I'm still receiving this spam mails, even I blocked sender. Is there anything more I should do, and is there any dangerous for my website or my emails?