Spoofing

From Servage Wiki
Jump to: navigation, search

Issue: you get a lot of bounced mails. It seems like the original mails were sent from one of your e-mail addresses, but you never really send those mails.

These scenarios are possible:
A.) you run a forum or another online application which is hacked. The hacker sends mails through that online application to a large number of mail addresses
Fix: please check your scripts regarding to not wanted or suspicious code and clean your files

B.) you are victim of Spoofing. E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source.
Fix: a SPF-record can avoid the abuse of your e-mail accounts. You can create a SPF-record for domains which run through the Servage nameserver via your control panel (-> DNS settings, -> button "SPF-record assistant"):

https://secure.servage.net/cp/domains/domain_list/

More details about the SPF technique can be found here:

http://en.wikipedia.org/wiki/Sender_Policy_Framework

If you are interested in more information about Spoofing, please check this page:

http://en.wikipedia.org/wiki/Spoofing_attack

Addition: It is important to understand that a SPF-record can't avoid spoofing 100% in all cases. If spoofing occurs in spite of a suitable SPF-record it could help to contact the mailhoster through which the spam messages are send. Often the contact mailaddress of the spam messages is something like "abuse@MAILHOSTER..". Please check the header of the spoofing mails for that.

Personal tools
Navigation