Stop Spoof Email In A Poof!

To sustain this free service, we receive affiliate commissions via some of our links. This doesn’t affect rankings. Our review process.

AttachmentGetting emails from a friend asking you to click here for the latest viagra solution? You’re thinking, yeah, that’s not normally what I get from that person. Well, even though the email “From:” may have their name, the truth is it’s probably not sent from that person.

If you were to investigate the email headers (data which shows you technical detail about the email and where it came from) you’d probably find that the senders email address is not in fact yourfriend@addressyourecognize.com, but instead, web0123lkj@dlijefijef.tz or something crazy like that – in other words, only the name was made to look like your friend. So, how do you go about stopping these?

Our Encounter With Spoofing

We recently had a problem where the root email address associated with a few domains was being spoofed to death. This was on domains that were merely setup to forward to another domain. That is, they had no user email accounts setup (with exception of the root account, which cannot be deleted), no forwarders setup, no catch-all (a catch-all address “catches” emails that arrive at the server but cannot find a matching user or email address), and no auto-responders (auto-responders are setup to automatically respond with a pre-written message to messages that target a specific email address. An out of office message is a type of auto-responder).

Nevertheless, emails continued to pour in. These emails were all the result of spoofing attempts.

What Is Spoofing?

Spoofing refers to fraudulent e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source.

Stop spam signHow To Stop Spoof Email (Spoofing)?

There is no real way to stop spoofing except to find an anti-spam (in this case anti-spoofing) solution that can effectively detect them, or to set a filter in your email client to recognize them.

Stopping Spoofing Emails With An Email Filter

In your mail client, define a filter that will delete messages based on specific values in the email message header. In our case, we set the header to delete messages sent from the MAILER-DAEMON address.

What Is A Mailer-Daemon Address?

A mailer-daemon address is used to process bounce messages. In other words, messages that have not reached a recipient. A bounce message (or failed Delivery Status Notification (DSN) message) is an automated electronic mail message from a mail system informing the sender of another message about a delivery problem. The original message is said to have bounced. By filtering out and deleting all messages from the mailer-daemon on your server that processes these messages as they arrive, you should prevent your mailbox from filling up and potentially having your account suspended for going over your disk space quota.

We’re going to show you how to filter spoof messages in Horde, a common webmail utility used in the Cpanel interface. A similar approach should be available to set filters in any server/ webmail environment.

Example: How To Filter And Stop Spoof Emails In Horde (Cpanel Webmail Client)

  1. Log into webmail for your root account (ie. log into Cpanel and click on the Webmail icon)
  2. Click on the filters icon towards the top of the screen.
  3. Select “New Rule”
  4. Name your rule something like “Stop Spoofs”
  5. Under For an incoming message that matches: select “All of the following”
  6. Under the “Select a field” drop-down, select “From”
  7. The next drop-down should have “Contains”
  8. In the field type your mailer-daemon email address (you can find this by examining the full message headers of one of your spoof emails – look for the value next to the “From” field).
  9. Under “Do this” select “Delete message completely”
  10. You can select “Stop checking if this rule matches”
  11. Click the “Save” button
  12. You can move the filter to the top of the filter list so that it is executed first (before any other filters).
  13. Select “Apply Filters” to run the filter on your current inbox.

Voila 🙂 You should have gotten rid of your spoofed email messages. Any new spoof email messages that arrive will be promptly deleted.

We’ve also got a related article on exporting and importing your Horde emails for backup or transfer.

Don’t Click On Links In An Email

Never click links in an email, even ones from a friend – rather, type the links directly into a web browser, or if the link is too long and complicated, ask your friend to send it to you via another communication method.

Email inbox on phone screen (caption: Guide to Email)Master Your Email

Found this useful? Want to geek out more on email and see what other nifty tricks we have up our sleeve? We invite you to checkout our experts’ 101 guide to email, which covers everything from email providers to anti-spam solutions and a whole section on email marketing and leveraging it effectively for your business.

Did you get a suspicious email from a friend?

About The Author:

Alex has been involved on the business side of the internet since the early 2000's. He holds both a Management Science degree from the University of California at San Diego as well as a Computer Science degree from NJIT.

We Rock Your Web had its roots back in 2004 as the tech blog for a web design and development company Alex founded that has grown and evolved into the parent company of We Rock Your Web.

While his foundation is rooted in web development, his expertise today lies in content and digital marketing, SEO, organic and paid search, analytics, and publishing. Alex is an avid tennis player, nature enthusiast, and hiker, and enjoys spending time with his wife, friends, and dogs.

Disclaimer: This website contains reviews, opinions and information regarding products and services manufactured or provided by third parties. We are not responsible in any way for such products and services, and nothing contained here should be construed as a guarantee of the functionality, utility, safety or reliability of any product or services reviewed or discussed. Please follow the directions provided by the manufacturer or service provider when using any product or service reviewed or discussed on this website.

New comments are closed at this time.

Comments (10)