: Is my host at fault from spam and phishing emails sent to users at my domain that appear to come FROM a fake address at my domain? I am taking care of a website like example.com. The company
I am taking care of a website like example.com. The company is using the email on the same domain (as you'd expect), like user@example.com.
Unfortunately, someone has created an address like person@example.com, the same domain, and started sending bills and stuff to other people (clients or related to the company) and it is obviously hurting the business.
I've tried to contact the hosting company but they keep saying that it is not their fault because people clone email addresses and they have nothing to do with this.
What can I do about this? Is this a problem from the hosting company or are they right that any address can be cloned? I was not aware of this but I have a feeling this is not entirely true.
More posts by @Bryan171
3 Comments
Sorted by latest first Latest Oldest Best
I'm assuming the spoofing party (the bad guys pretending to be you) has to access to your server.
In that case, the solution is fairly simpel: Set a SPF record. Simplefied it works like this:
DomainOwner mails via the website. This IP is 1.1.1.1. Bad guy also mails using your mail address, but he mails from IP 4.3.2.1. This is like your current situation now.
The recieving party, or your ISP, or your spamfilter will check the SPF-record for example.com, which says Mail send under my name from IP 1.1.1.1 is legit, ignore the rest.
You add this as TXT record to your DNS: "v=spf1 a -all". This says to check your A-record (that's what that loner 'a' stands for).
To make even more improvment, add DKIM. This is yet another check to prevent spamming and spoofing.
If you can't set one of those because your hoster doesn't let you, it's time to move.
Check for the email account on the website or email control panel. As suggested by others you can also check logs to see if someone unauthorized accessed the control panel.
However, there are ways to write scripts that send out emails that do not exist. So it is not completely preventable.
When I was initially working with php, I would always send the form queries with an email like response-bot@company.com which was not actually created. You would however get the email with that email ID.
When you say you tried sending emails to that address and the server response was that it did not exist, it was probably sent the same way as I mentioned above.
As for damage control, it is better if you inform the clients/users that the particular email is fake or unauthorized and it is best if you start using some form of encoding in your bills and letter heads that outsiders cannot have access to.
No one can clone an email address, they can create a spoof email and show the name as from being sent as the company but can not clone the email address itself.
Example - Real Email:
Sender: myCompany, Subject: mySubject, Email Address: person@myDomain.con
Example - Fake Email:
Sender: myCompany, Subject: mySubject, Email Address: person@myDomian.con
Did you catch it? Look at misspelling of fake email address.
The only way some can can create an email with the real domain name is by gaining access to the Domain Control Panel or the Email Control Panel and creating a legit email.
With that, I would check the Domain Control Panel or the Email Control Panel
to see if someone altered the MX records or created this person@example.com email you mentioned.
In either case hosting and email providers are not responsible.
I suggest you enable 2-step verification if you have not done so. This way, the phone number on record will be texted an authorization code after corretly supplying login credentials.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.