How to stop spoofing

Discussions on webmail and the Professional version.
Post Reply
solucionmike
Posts: 93
Joined: Sat Dec 10, 2005 6:37 pm
Location: Mexico
Contact:

How to stop spoofing

Post by solucionmike » Tue Dec 03, 2019 2:20 am

Hi,
We are getting a regular Spoofing email asking for bitcoins and saying they have hacked the users account and will publish the users secret etc.

They are sending a regular Email that looks like is being sent using the users account (saying of course they hacked the account)

I have tried the spoofing options in MailEnable but does not help.

In Admin the SMTP properties -> Security->spoofing under that heading Address Spoofing Prevention shows 3 options, and I selected the middle one (Only users who authenticate with a username and password are able to send using an address that contains a domain which is configured on the server..)

What is the best setting to stop spoofing?

Thanks

Mike
The header of the Email is below and uses same Email as sender and recipient:

Received: from dynamic-109-81-208-198.ipv4.broadband.iol.cz ([109.81.208.198]) by XXXXX.net with
MailEnable ESMTP; Tue, 29 Oct 2019 05:54:49 -0600
From: <info@XXXXX.com>
To: <info@XXXXX.com>

Date: 29 Oct 2019 12:24:06 +0000
MIME-Version: 1.0
Subject: Security Notice. Someone have access to your system.
Message-ID: <5DB836AA.3021.0C9118@info.llvclub.com>
Priority: normal
X-mailer: Pegasus Mail for Windows (4.41)
Content-type: text/plain; charset="ibm852"
Content-transfer-encoding: 8BIT
Content-description: Mail message body
X-MXScan-Scan: Scanned by MxScan 3.1.101.0 for P3935103
X-MXScan-Msgid: E656E42F5D4A4E52B5304103E619F298_
X-MXScan-Country-Sequence: CZECH REPUBLIC->Destination
X-MXScan-AntiVirus: ClamAV 0.98.7/25615/Sun Oct 27 02:54:28 2019 [Clean]
X-MXScan-AntiSpam: Sender WHITELISTED
X-MXScan-ProcessingTime: 0 sec(s)
X-ME-Bayesian: 0.000000
Return-Path: <info@llvclub.com>

Hi, dear user of llvclub.com etc, etc.
Mike May

sl-grege
Posts: 4
Joined: Tue Jan 22, 2019 4:54 pm

Re: How to stop spoofing

Post by sl-grege » Fri Dec 06, 2019 11:41 pm

The issue here is that that e-mail is not coming from your server. It is being spoofed elsewhere.

In order to stop these types of messages, you would need to turn on SPF protection in MailEnable ( Located in SMTP properties ) and make sure that the domain has a valid SPF record in DNS.

Gregory
www.sectorlink.com

solucionmike
Posts: 93
Joined: Sat Dec 10, 2005 6:37 pm
Location: Mexico
Contact:

Re: How to stop spoofing

Post by solucionmike » Mon Dec 09, 2019 12:51 am

Hi Gregory,
And thanks for help.

Do you know which of the Admin SMTP properties -> Security->Address Spoofing Prevention shows 3 options.

I selected the middle one (Only users who authenticate with a username and password are able to send using an address that contains a domain which is configured on the server.)

Which is the best setting to stop spoofing?

Also there was a syntax error in my SPF record and I fixed that.

Thanks
Mike
Mike May

Post Reply