Stop Spoof Email in a Poof!

How do we keep this site running? This post may contain affiliate links — the cost is the same to you, but we get a referral fee. Compensation does not affect rankings. Thanks!

AttachmentWe recently had a problem where the root email address associated with a few domains was being spoofed to death. This was on domains that were merely setup to forward to another domain. That is, they had no user email accounts setup (with exception of the root account, which cannot be deleted), no forwarders setup, no catch-all (a catch-all address “catches” emails that arrive at the server but cannot find a matching user or email address), and no auto-responders (auto-responders are setup to automatically respond with a pre-written message to messages that target a specific email address. An out of office message is a type of auto-responder). Nevertheless, emails continued to pour in. These emails were all the result of spoofing attempts.

What is spoofing?

Spoofing refers to fraudulent e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source.

How to stop spoof email, ie. spoofing?

There is no real way to stop spoofing except to delete the messages as they arrive. To accomplish this, you can simply define a filter that will delete messages based on specific values in the email message header. In our case, we set the header to delete messages sent from the MAILER-DAEMON address.

What is a mailer-daemon address?

A mailer-daemon address is used to process bounce messages. In other words, messages that have not reached a recipient. A bounce message (or failed Delivery Status Notification (DSN) message) is an automated electronic mail message from a mail system informing the sender of another message about a delivery problem. The original message is said to have bounced. By filtering out and deleting all messages from the mailer-daemon on your server that processes these messages as they arrive, you should prevent your mailbox from filling up and potentially having your account suspended for going over your disk space quota.

We’re going to show you how to filter spoof messages in Horde, a common webmail utility used in the Cpanel interface. A similar approach should be available to set filters in any server/ webmail environment.

How to filter and stop spoof emails in Horde (Cpanel)

  • Log into webmail for your root account (ie. log into Cpanel and click on the Webmail icon)
  • Click on the filters icon towards the top of the screen.
  • Select “New Rule”
  • Name your rule something like “Stop Spoofs”
  • Under For an incoming message that matches: select “All of the following”
  • Under the “Select a field” drop-down, select “From”
  • The next drop-down should have “Contains”
  • In the field type your mailer-daemon email address (you can find this by examining the full message headers of one of your spoof emails – look for the value next to the “From” field).
  • Under “Do this” select “Delete message completely”
  • You can select “Stop checking if this rule matches”
  • Click the “Save” button
  • You can move the filter to the top of the filter list so that it is executed first (before any other filters).
  • Select “Apply Filters” to run the filter on your current inbox.

Voila 🙂 You should have gotten rid of your spoofed email messages. Any new spoof email messages that arrive will be promptly deleted.

Alex bring a series of in-depth articles on search marketing and content management systems as well as troubleshooting tips to We Rock Your Web’s collection. He is an avid tennis player, nature enthusiast, and hiker, and enjoys spending time with his wife, friends, and dogs, Bella and Lily.

Leave a Reply

9 Comments on "Stop Spoof Email in a Poof!"

avatar
Spoof\'d
Spoof\'d
This doesn’t help those of us who have had our own email addresses spoofed…
Skip Horni
Skip Horni
And for the record, I set my filter to “Body” then “Contains” 90% of my failures were because I had exceeded a 500 email a day limit. I was able to delete these with impunity. I can still get emails if I miss-type an address. The other is a “550 5.1.1” error. This is more problematic but, as a home user, should hardly ever affect me. I did the same thing. Created a new rule “Spoof2” “Body” then “contains” and then the 550 string.

I hope this helps others. I had been getting these for days. Setting a generic rule in my client was not making me happy.

Again, Alex, thanks for the help.

Skip Horni
Skip Horni
You saved my cojacks!! Thanks!!!
I know that they (delivery failures from my spoofed email) are still coming in but there isn’t thing one I can do about it. I have an SPF and, as soon as I figure out how, set up a DMARC record.
davidnorwood
davidnorwood
I cannot stop this email source. Any suggestions?

I have tried to block using the words in the source, which is consistent in each email. There is ALWAYS the word snapchat in every email. So, I tried a RULE that would move any email that I receive with the Word snapchat in the header. THAT DOES NOT WORK.

Received: from DM3PR18CA0032.namprd18.prod.outlook.com (10.164.243.42) by
DM5PR18MB1370.namprd18.prod.outlook.com (10.175.223.146) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.1.734.8 via Mailbox Transport; Sun, 27 Nov 2016 09:40:44 +0000
Received: from inbound.mail.protection.outlook.com (216.32.180.48) by
DM3PR18CA0032.outlook.office365.com (10.164.243.42) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.1.734.8 via Frontend Transport; Sun, 27 Nov 2016 09:40:44 +0000
Received: from BY2NAM03FT047.eop-NAM03.prod.protection.outlook.com
(10.152.84.58) by BY2NAM03HT221.eop-NAM03.prod.protection.outlook.com
(10.152.85.91) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.734.4; Sun, 27 Nov
2016 09:40:43 +0000
Authentication-Results: spf=pass (sender IP is 209.126.148.188)
smtp.mailfrom=biz6.feedbiiz.site; hotmail.com; dkim=none (message not signed)
header.d=none;hotmail.com; dmarc=bestguesspass action=none
header.from=biz6.feedbiiz.site;
Received-SPF: Pass (protection.outlook.com: domain of biz6.feedbiiz.site
designates 209.126.148.188 as permitted sender)
receiver=protection.outlook.com; client-ip=209.126.148.188; helo=
biz6.feedbiiz.site;
Received: from COL004-MC6F25.hotmail.com (10.152.84.51) by
BY2NAM03FT047.mail.protection.outlook.com (10.152.85.103) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.1.734.4 via Frontend Transport; Sun, 27 Nov 2016 09:40:43 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:F90AAFC32BF33035DFE68D7DD61842DD19E2F189BBAE51C375A60853F6F0570C;UpperCasedChecksum:454135E123227082A99D93BBC8494F0C891099341753D7733603F05FFA1991E7;SizeAsReceived:566;Count:10
Received: from biz6.feedbiiz.site ([209.126.148.188]) by COL004-MC6F25.hotmail.com with Microsoft SMTPSVC(7.5.7601.23143);
Sun, 27 Nov 2016 01:40:42 -0800
From: ProShotHDX
Subject: Reserve your ProShot HDX product NOW!
Date: Sun, 27 Nov 2016 09:40:33 +0000
To:
Reply-To:
Content-Type: text/html
Return-Path: HDX@biz6.feedbiiz.site
Message-ID:
X-OriginalArrivalTime: 27 Nov 2016 09:40:42.0884 (UTC) FILETIME=[5235AC40:01D24892]
X-IncomingHeaderCount: 10
X-MS-Exchange-Organization-Network-Message-Id: 1ca1680d-0da6-409f-5f71-08d416a97531
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
CMM-sender-ip: 209.126.148.188
CMM-sending-ip: 209.126.148.188
CMM-Authentication-Results: hotmail.com; spf=pass (sender IP is
209.126.148.188) smtp.mailfrom=HDX@biz6.feedbiiz.site; dkim=none
header.d=biz6.feedbiiz.site; x-hmca=pass header.id=HDX@biz6.feedbiiz.site
CMM-X-SID-PRA: HDX@biz6.feedbiiz.site
CMM-X-AUTH-Result: PASS
CMM-X-SID-Result: PASS
CMM-X-Message-Status: n:n
CMM-X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0xO0Q9MTtHRD0xO1NDTD0w
CMM-X-Message-Info: NhFq/7gR1vTvTqmPqDcS3YOBb1Dqow7UXbpAI/+5SmfEkI+5nmBtaTU1E8cBuhIt/FNdeu1TVoODyzeipTEJfsPp09NlUD0ehoKRtrgdnxcSv9yKHGxl7uznZha9/oB9scRxraP18WnxatZdEIE4F8biIB88vYtbMgYWG757gke1qNMa5Iq3cKHW8BUuPfQzChg4kKI/x8mDv8YuZJcGO5bZJ+GKUBioKVFtYqEEyOB/KFiQa4ozcQ==
X-MS-Exchange-Organization-PCL: 2
X-Microsoft-Exchange-Diagnostics: 1;BY2NAM03FT047;1:xUF2eKdDgWLlzKZFO1niyv9FNZhhzaNfKXQJNUa8lZVjVhtU7Smc3JMgJsMnXg2623oPdYDIS/PwOc1juIisTYshSp0TWRH7i+1Wx15X0WI0eCkZvPI003J5xvVOnWlxoXerFbffcJchRtAZfn8CZrA36rGT3TuF+/cuPqNS3qFSNEIkdvJ34j5ObC+tzz7y
X-Forefront-Antispam-Report: EFV:NLI;SFV:NSPM;SFS:(98900003);DIR:INB;SFP:;SCL:1;SRVR:BY2NAM03HT221;H:COL004-MC6F25.hotmail.com;FPR:;SPF:None;LANG:en;
X-Microsoft-Exchange-Diagnostics: 1;BY2NAM03HT221;2:CPRcd0GM20m58Jzi+HEhO6OtXnzibilrN2s3QUcSYNDVjosymF0Hb9ti74WFWHeRFihPi9eAN1AvWyThqTvfs02epsDDF3kPEhVOLgaQGOI02tBKsJxqCLjnwYBNGQg1iaVqe/iIJm1vrvzDt5XuIKHr4ySk0bgirZJBbFPLjEw=;3:TUP/7xoDtPtnplEbc+R6Prv6l2fhiv8ZhrkZdhXgtGAD1HGcFOe64RFOelZ0RpTSad4HBTwROTJ6C9qQvvlVQLzB1y08kyV0QeQQ0wfChJN+ZUL3jZjdL2dwcegGQszFJv6/VHUtGt0QobOu9Bm+Oz+IfR0dMKezwIS/ebCikHgrP5zDPRVuoh6VANhHnBz5TDHTweAUpIE6Ku3KgulLjyPFK0aZdcNGXCDIChjwppqZEJ8tzISi7ukD0mf5wmL+/M7uD6rjksMEc9dTbSOFp0hET4NP5Sh+jkr7QUlU8ms=
X-MS-Office365-Filtering-Correlation-Id: 1ca1680d-0da6-409f-5f71-08d416a97531
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(22001)(8291500097)(8291501002);SRVR:BY2NAM03HT221;
X-Microsoft-Exchange-Diagnostics: 1;BY2NAM03HT221;25:YQlhmWYc6XIix6V08ubH3VzRbCXEwEmGZeSMon64FCzin7/Y+mHq8Rov0a1XpLCyAkP9WC30GXIFw9otrbtcGtvD2/ZpM6y/OnMIu1sEJ/9YSCqQ7LcEDk72CrGSrznZwIRMxTOY2RjEZAt9tW5pTYgNHmNNlzHY6pmpmOf/8BMWvjvDVPv725FhmGLfy/Ut1YqU2bh2VCu23rTLKq/OFdjXIxQlKGAcGpVoLHau5g1MKCWjobJwEF3gSataIN0+dt5f4AKJpAnayiE87M1m3STkmiI57uKVKdSPA6OaHVMZgmsGKs6oMF4JqRxUH1B5jfnRZXLcaqsfhVSL5erx6/wRndP6Tz/JHjccHubGfNHO5w6CMTRRCN0pJ+NUlRk8nGcOMG1Q63YldeRz6QrRkyDqiyu4dMahCjtNt6glEntPvaSeTRhfjucYqlW/elsF5x2luBucYHpFnEB+dN7+NeIFxVioEnTVH3IgkL0jbQmMMKv5z8h0ukVuf51ihEZjdPDhb9QoXkUPUWboZTge1w==;31:RF5LpSUteXMOVl0z/WG4OxRn4EhhCp85hydz7p6G9uLipDZEDg4bKSZegGZ6srQj0q/dO/y7mzQkPEwx2msu5e8KZkMj6NJmta1ba1KLhur2lQaU0JCovcGQy/bGrfR7U6DXHO9fbNfmWt4y8BhIHLmETRilAaD6SpfeO28U5tTvk83SoBofEgkGD4pLS38bV3bq2So/oHUUSrLEB+WCipLpAmAVj1l0SLskUAcQSC5wdGtBP+QM8spSB4JDEwJdVlh51jxHpI8OqWxeDcTgsg==
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(82015046);SRVR:BY2NAM03HT221;BCL:0;PCL:0;RULEID:;SRVR:BY2NAM03HT221;
X-Microsoft-Exchange-Diagnostics: 1;BY2NAM03HT221;4:9fUNq4u4QkXk/0ryT39z7z/RGbpiOwFijYRWqDPygy9tfwx1OZ746IPRYFr7u3hTn5zVzyg9EGAa4QTobEz120ZOhqptZgXn1zQz73x74ni/SZXneNeZ8+GkMYmR312kU9o/9Cadzc+I3hOS67ntdq0pC/N6dIdkKb4qi6vmluZeRhnEI0YQqGJM280UpPEVqD73im2RE3mIRu3hWcVVlUtrx8M6ApyPVa+noPH7FeSuC3+L1bY8/ofapwA5xySJugCAnofIFsbYSA1E9W4MspggjcOiCV9Iyid8HHkYqTs=;23:W6fFXwr2I5tnNvSNEW+jkyuUrnpEALQ3NUpcuY4k4DhB7dHEb6ausymvyx28KSKwMYti+2QXFUHy9WWhy+2k0yZsAOwwo8GK5MiLEuhRw2u21IVjYW1SLNfF6w1qRF6utdMinnux70ufKa3UnrPTnDc/XhuMCox5q/xdLq1cZfGx/qAy8dO987D+MgSIwg6lpgw3ta+f0VEWEHldHZQyQA==;6:EpvWNhFbjVHa6AV+EdebnG21pTokqqL0/fkfWv29YYLkQVAZPFWNNoBHkQXpPlij0kxiIuF4pgqgFC6T67TIKQ9FG5NM489JyXzwwbvorLG1JVAQl8HM4HZvw+uQrTnhmaAi8V/xhqoKFx7xoMO2e1UjuUGT4SYHh6LOybEUbIKfW2vTVYI1PFmSg717redGMBjZlexVtk9hWNFw6CiJ1ncq2YyrHRhvrtFi3n16HMK2mPk1+drVfPAXwieJ0731079/jwSCpMdt6U23rgo5MNNDSJnZ4G7rGfcx4Ep8skKifs1Nqp04Voj7/lakwp88/UG0wiQeffeXUxEwedjFiw==
X-MS-Exchange-Organization-SCL: 1
X-Microsoft-Exchange-Diagnostics: 1;BY2NAM03HT221;5:0Gu2MBfYVYWb61a0wBp93HJOWJAC9lGKT6NWM9k130GgQaufYkUXxHG8v0wk5x3e4DZHd55NRHkCictLTb+9zi8gwqXn3RwnPfSEQNtgoDmTmX4qtzbh9lflkXZ6PWs52c6KOUw0F1yvj/tTdkJ+8LHxOIQzhJAxfBpELa4gOLI=;24:8nl0BZ+E57HrsvZVWj0yk86+S32MgRABxTxB48TjXeHVlzo/fg+IDh9WLrjSGRE6j4e3IKMonwqnz7XM7UBjLBDsu/Oz8UkyCZHXoOo4W8k=;7:OTKLXmmEbVMUKLvFzG8dz1Azfqej+Xw8qbPAdnNDUpYXzvnZEKL/DMZbePqCdskXfqvtkRFso20oRt6pTaMWQsF7k4NyuN2LurnMSMOC2F0xoLy8fV/nHBWbfvFw4ocUSrin7xN3vIxoCtXKVL4IJsMsezNskQWqHOcFbaJW0T2kaLLJJPBJJaTS0AtcSmnKsA2dPR0zBCRNP8MkqkVVPZGAfJgnRQbKD2t3/e6XzEXjlxEI28Y8+BNfl99iYSDncGy2jjq7rv7JT9hQFUFKhTmujVYfNxmDHw4DKoL2FRZNT1/RN7aF8k2REqJ9+222IYBYtqzMJcLtD7DlRsx9kfPBehHwUn6Cx5g9FgnDtg6SMfs7IAts7u1Zw8ABZfqA
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Nov 2016 09:40:43.3474
(UTC)
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2NAM03HT221
X-MS-Exchange-Organization-AuthSource: BY2NAM03FT047.eop-NAM03.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-OriginatorOrg: outlook.com
X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.2294559
X-Microsoft-Exchange-Diagnostics:
1;DM5PR18MB1370;9:99FwrANPXivF4IxgSc8+mjphlvuhI9t7Rr5Zcbv2r5hKyfltfCRc6xKOeEq0Up/dg38UqhDBLpk/HVv42SwvyLhX1hsFlNXH3QHk86qaRs8ZzZQVFpT3gdLp5di+T6JhlsYAqgqH8/d6GmCxqvYiDlZ86Yb8oO3JC71jhnq4y69jzffP/fJGlDS/qvBhIMovqVAMCvMXsPco5NpI2Z/RogzZrrSa9WAvNKDIzi6E+3aRaQ6xeXjdD2F7fMRJVrpRFID5GjzxpWWSJO4jBmHyLJvyH0RAR9HHzevaqkhFnEKxHPk950kcMEru4aQUuh3tDmKLlFsFJv/wxuR3zOvJyyRiknADhnpfApbQFvqzhxOsQFxNT9bfmeeQ2m8itRzEgG7cvjap9tOae0q3ts2+o2p3kGqeyZZNd2Ao823xfFo2V8iFhLezMegybl2t4XpvMQYh5yOipY+cZuNO9CvIeM9OB/zqtLdph+UpISUQOTGPX4s0a71eBuFysGdEzoMfotO0pF4xgbDjpB35Yn9WXmeD2DjglrqIscsPPJ5tgzv+15xiayQpDv+gy1CJpIJaXIfdBFvYtQvoIZ4Dua58gIkOb7VtCEE9CifNFe0eIvfkSkR0YyJ21AwpHI7rMkNlxR0uvDnj+uO6DVhr1HdIQecVR4zL4MzeUI1SkMMx3qp9czDeuvQ9qBo89s+T97I3rOJuDS1aodjw/Brj6ueCSl+ZPlA3lAKN24CR7WlWeoeBBctCJPWvdn0FKnrAn0+bbM6IRSH16bdyYiZtpxuNQgwIvW/fFGQ7YvTBVxXs8r8byheQse0AyagF+daB4XvSVxvIa17hbi0SRPXJMVEZHfPbKDi/ZGH1Xxyvc3zsU8bSIvMPHp7nyFaunOk2d/FGXUEh1g/528w0QhZGgWqC17/kCkDsCOSvTbBfiillpCfI8fcA1RFCP1ub8v6tc8Mt
X-Microsoft-Antispam-Mailbox-Delivery:
abwl:0;wl:0;pcwl:0;kl:0;iwl:0;ijl:0;dwl:0;dkl:0;rwl:0;ex:0;auth:1;dest:I;WIMS-SenderIP:209.126.148.188;WIMS-SPF:biz6%2efeedbiiz%2esite;WIMS-DKIM:biz6%2efeedbiiz%2esite;WIMS-822:hdx%40biz6%2efeedbiiz%2esite;WIMS-PRA:hdx%40biz6%2efeedbiiz%2esite;WIMS-AUTH:PASS;ENG:(102400050);
MIME-Version: 1.0


Reserve your ProShot HDX product NOW!

29589
serait
4223
enewsletters
footerimages
4296f088-98f6-4a4a-881a-0aeb37b64b2e
jsmith
herederos
vinculos
restricciones
adbutler
7bfe9d6f-a748-00c0-3ccd-f79190927177
455c
43a7
NEWLINE
kitap
9df69aa5-7c26-4aa1-9b00-ccb308b77971
REMINDER
akamaized
16577
07pm
c79e0708-a0ca-4a5a-b7b2-8=
campo-confirmacao
5578
9C66
sinto
35f064df-6dd5-4a05-843e-79aeb966593e
20h00
937c
feedback
Cucumber
irso
3dapp
$$”
biller
airasia
faturas
reenviado
Neuve
sparade
mcnCaptionBlock
puissions
-*/-*/+-*/=”‘(—ImagesUS-*/=”‘(—/+
cb0ab7ae-e15d-b971-971e-700ceeb2c274
Aktuelle
28858
3dae4995-927b-3b0e-328c-c29ffc1846b7
operacional
refle
QUANTIDADE
$$$$@@.questions!-*-*/-*/-/~~~###/*/-
zondag
pakete
8a45
IMMUNOTHERAPY
CGI COLS DCS DCS DEBIT DUDA EXITOSAMENTE FECHA FEIRA GMT GOV GRADE HELPDESK I…
gagn
communiquez
4e41
Bildir
EJERCITAR
v0
redefinir
-//-++-**-$Raices
kabu
209929e1-291g-40c3-a656-368d8545x39b
6488
b85d
Nyhet
e605f526-9ae8-a8dd-9a7b-989227e19663
block4
-/*-*/-++@-*/-++++@__—*/”
socios
points.icon
184173
semelhante
9e8d
2fbt
imageservEr
000066
96d0
SUMMARY
08d35128-8d3e-4614-9a42-2eb7cf464400
christening
aeromexico
Buca
2F01
handelen
programador
b8f10f9e-5ef2-46eb-928a-b67bd6183c7d
278px
MYACCOUNT
248z66j2-a919-42w2-B35j-h83989441523
schoolmessenger
0151
registrierte
3cfb6f80-daf7-9843-af7f-dbf1578ebc8b
width620
Habra
?>
24744
5d45da84-bd22-4aff-82f6-fbf2fb5cdd9f
09084395-3n9n-4308-w238-51wgb45B610e
afore
vineta
65a86292-b170-4e1c-b108-a877755ad394
secretario
subtitulo
semillas
beretta
spullen
beheer
22280
lembramos
10111
L98B5C7U-UD84-C5EE-Q93G-WPG39X2HAT0R-HQX5O
6db69495-ddc3-41b4-baca-ea33e171fb32
=**–+-+**—+–+
htmlmail
engineers
interne
technicien
159fc9a4-c998-47e2-b640-fb800f6419ca
OBP
dood
@@@@$$$$$$acessando)))@@@$$$$$
Receptet
vall
sketches
ACROBAT
txtimg
vollst
txt12
chaleureux
cidades
0136898b-e342-4f69-b6df-f017bff5fec6
tarefa
taquilla
Tomb
WdAng/X09UM46X49FT33S42UMH/Etant
179px
ULB
cloths
Points
Britain
outgoing
20511
asks
@@@___—-****–Calculadora–****—-___@@@
++—/++-*/++$rurpeeca+++**//–+/+$
Reiss
MANDRILLAPP
5417
inserendo
imponer
Yoko
1186
<++-/*+++++++++++-/*/*/——-1239<-///////<-++++++++++-**-++
4a6f
material.**
hauto
43b1
betreuung
sprecher
kleiner
f0b42315-a32f-cb15-b15d-ac705a7eb159
Ecol
McLaren
favorecer
Pons
possuir
-*-*-*-***-*–*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-**–*-*-*-*3399cc/+/+/+////+/+/+/+/+/+/+/+/+/+/+/+/+/+/+/+/+/+/+/+/+/+//+
2bea
6688
D25-F39DAD065-0BC040D-D9D0-49A8-857-E92E4-AD0FA
webdesigner-toronto
californien
9ffe
sbcglobal
5095
$]]]///
utilisateur
prayers
teilnehmer
vkontakte
etica
*****SEK******
anterior
5299
procedente
lce
Uncovering
'=''''"''*'=*'''"""'KIMSE*''''''''='''"*'""''' 8487ad89-2653-4cc9-91e4-28c796d77a1b a515be47-cb95-4336-b8f1-5189cd050583 inseto ++//–***////<<$$___________<
APPRECIATE
475a
4e80
21209
3d650fc2-8ce4-5922-b5fa-c399151c67e5
Portugueses
allocate
angleterre
UPN
)&
——–CB='"Cb
aktiv
4BZ9DZ70-BB70-GS4O-W072-GMUQ8F8Y9NBB-TE6J5
addressees**%#=
20facebook
MASTERBASE
glyphosate
mailin
Topic
9048
(`-*//-Releases%#$$$/????@""""/***@-//—+–/=3D??????]@
imgmail
verksamheten
9051
diente
decleor
UPN-CITE
|[[#&–((?!((__&—((#]]-(ampoule=%$$&–((@=%&–((+–""%$$&–(?
pakken
zooplus
aolmail
6039
gedachte
DISARMED
hausse
AMBIENTE
Vintern
bewerten
deficientes
onderwerpen
resumo
TVA
+~}<~~~–(!;&wijzigen[[<
PBI
lataa
africasafari
Moulinex
xian!");}}
elettrodomestici
4e4e4e"@
Urea
')";for
Terre!",
seemingly
estante
aldaniti
DTI
Triangulo
14th
realmedia
rffrid
contactgegevens
3333
nesis
charing
sfdict
engelsiz
bienal
lesson
Wheatley
battling
j`"}
]]///
ending
intended
tuesday
a39f5f86-a7b6-26-9bab-0b64a2278262
5441
religion
pluginfile
ephesians
dunstable
CITE_
BOKNING
13007
valig
instituci
A643
45a0
VLINK
descargarlo
kundnummer
acad
4a15348c-5dab-4f46-b82b-8afaefee1a1d
Helga
bdd7492d-704d-485e-a06d-6abbb39d0181
Pulseiras
analyste
FEEDBACK/QUESTIONS
-/*''''(++<2fone
`^@+——-**********+++++++extratos+/-//////
!@#$%PM
3fd2ed01-7c14-aad3-e80c-d324e5aff856
b9a5
z5x26182-5100-411h-99u6-29803594390A
umail
dieu
***—+++///@@@___<<>>>>>>%%%///**EXISTENTES-*+-*+-*+-*+-*+-*/////>>><<<<<<<<
panel3
b74b8aa4-ef05-a883-883c-8552939e0152
@@+-*/{{/*/*-*–+@###+-*@@}}}}}/*-*-+-*/{{/*-++-*@@@###}}}}}@US5%@##%/*-*-+-*/{{/*-++-*@@#}}}}}/*-*-+-*/{{##}}}/*-++-*@@@#}}%%%%
RECOMMANDE
631xdjn0-b511-41g3-9194-10w8518u648k
2f70f4c8-de35-9e17-2b08-3ee0cb4613dc
maincontent
ntica
assunzioni
sist
0a11279d-0396-458e-8ee8-7c8e3a89dd5a
19565
coming
preferences
493a
6b43f8o9-1n93-429u-Bt8k-e63003101494
colegiado
2719776f-131e-f131-5c31-898a58937b5e
*/[
parkside
100097
Unconfirmed
4e9d
20banner
/*//
spacer
estaticos
witnessed
43ea
e51c8e7d-c693-a794-bf79-e23589bc56c5
ning
therme
myupdates
jhenghei
-*/-*/+-*/="'(—htr-*/="'(—/+
——>>>>>>})%……….
4579
2d9ca684-821a-41d5-8cac-81f3ed94dd01
cb38
TAFELS
text4
2ecom
24515
JAVA-QUESTIONS
chamberlain
Ab0jA933-18g9-4ng9-8914-35gc521wad81
c39
borcu
+$$+$= =+= + $+=- +++ +—optics * -*-+++++++**–+*
5acaa684-5ea0-b990-5ec2-cf3ad0fd1804
mimetype
processa
mitreden
geliefert
++@@-*/-/*++++@@__–##~&&-*/–+<archive]+-/-*/*++@@__-(((“++++-/*-*+@@@#
___======_((((((_(((((“ORDERNUMBER
Duke_MBB
italien
piccard
cf6eec66-979f-421a-8c92-972915ff95bf
loveseat
Flamengo
scheda
plastics
AAAAAQA
cagnotte
possua
cracks
-$%*
FOLLOWING
XMLSCHEMA
40outlook
-/**-*/*MYACCOUNT–(]}
wannabe
+*+-*+*+-**+manage2+-*+-**++/*/*/-+
optie
a7b2
5148
1229
paralelo
licence
+++***//***_50676**///++++—*//++
addressee**%#=
Parution
+-<<<+-+-+$$//%%-+$$<+-+-+-%%+-+//%%–++**//%%$$+-+-+%%-+-+>+-=
4a46
puntas
659752
Harita
secureemail
migrating
Starpoints
v10
tableresize
announced
bIjEn/GUFECMHYGOX2TSJHBG0V/4a5a
liegt
headerbar
DISPONIBLE
M*(
tolles
!#
mailto
wednesday
perfeita
Schriftelijke
Dunkin
Bonoloto
dbDcde
—***+++$$$-*-*Booker+++-*-*-*-**-*-*___________googlefr/hebdu
appartamento
bagno
eigene
enkelte
verizon
3a76f5d1-9675-405c-9de3-a9b91ed6d755
M1951
ArchivE1
EXPLORING
xts
trains
dicamente
@|^?@@%*^$|*@-^^!-@@2F08_flawed//-*/_+-+*/-+=_+*-+*-+–/*+*+/-+*/-++*/-+*/%-+<
Wes
80b04d66-4776-3127-4ab9-dda5b4e3b1c3
-/*-*/-++@-*/-++++@__—*/<rats
Gant
0505
8783
bonefish
Peluche
fired
kleber
pancakes
micuenta
compenses
kenbaar
suporte
tlh
egy
Writer
whipped
5335
holding
tucked
49e6
ucc-cinema
WC1N
RESPONSES
b5e62448-c9f3-4d42-8c46-cbd53e095b70
IGP
THEAD
+-*+-*+-*+-*+-*////)()()()()(==(()()()(@@@@@@<<>>>>encaminhou>>>><<<<<>>>>>>+-*+-*+-*+-*+-*////@@@@@)()()()()(==[]]]
[archive]),
3d04c39b-a2fd-bb7d-a711-0115bb1e218e
Moritz
thewarehouse
diens
acceda
adds
FAVICON
soubarato
embrace
AZEVEDO
f4b7bfbb-bcb0-a224-679e-90d6a8a3fc62
___/////hotellet ____////////_///*—…………………….
postman
6dbc4918-3bb7-4d44-a5fd-f73bc89f57a2
suIvi
55862492-240w-4811-a28j-08t09344wk3w
100vw&&”‘”‘((–__))==//**–++&&”‘”‘((–__))==//**–++
acabemos
REFERENCE
4dc5
violation
laquo
infopages
earthlink
3a49fb77-9c9d-4df2-895e-8409d3f7c601
comunidade
Soupe
EXAM
424f3588-a83c-4cbe-be64-78a587d34704
aula
BTW
0160
exceptions
1F497D
matan
ornament
esma
questions
2fwww2
passenger
13k3493k-6062-406t-t280-v249383o2x0u
created.
miljarder
monitoring-portal
vertical
undead
Saturday
programmer
Toronto
PROHIBITED
VINDO
Finn
Library
psy
cumulative
probeert
Tutte
decorados
40c4
(___======_((((((_(-((((**-//*-*/=/$$thead*/****/*/*/*=$**/*—+++*///**+++///———-
candidature
Topics
invoices
startet
e14bd95e-bed5-4dc5-bcdb-2e28534c0970
Destinataire
Phil
botafogo
}@^^@}`|{{|`{#~~#{@^`|{|`^@@^`|{#~##{|`^@@^`|{&&?**!!/*-+/*-++-*/*-+*******++++++++++imagepadding
FANFICTION
Brasilia
2931
Updated
einsetzbar
BOOKING
murrieta
gunilla
PSU
ATTENDING
zealand
00PM
contenders
Brady
straks
bdfdf094-c489-a8f4-3a28-5243043899b1
participating
productions
gesetzliches
majadahonda
gekommen
?%-%-%-%-%-%-%-%-%-%- static4 ^
2fyour
assumir
concertadas
+*$$-**+*-$**$imageurl$_-$-+-*+-*–+
7100
pedal
alterar
debe
shoreline
Abreu
garbarino
srcset
pande
100a
3469
&&&(([|`-*//-alerts%#$$$/????@””””/***@-//—+–/=??????]]@
+-/*——–wonderfully——-*/*/*–/*
Antworten
pageId
-*/-*/+-*/=”‘(—meint-*/=”‘(—/+
yamaha
55340
interface
557px
axis
1F469
2FWWW
KUNA
niu-honfleur_verbindet_honfleur
colaboras
participez
9185
CONTAIN
thursday
contractually
-*/-*/+-*/=”‘(—hotlist-*/=”‘(—/+
butiker
getMedia
escada
8w828wf4-n650-4kv2-10z2-04863v683365
frontale
9640
evangelical
Seguramente
peralta
malicioso
Segundamano
3484
2fmyaccount
dietaesaude
FAQ
___/////wuaki____////////_///*—…………………….
breeding
(`-*//-Releases%#$$$/????@””””/***@-//—+–/=??????]@
showprofile
VICENZA
i1
media1
fbstatic
fwlink
55K
COMMENTS.BARCODE
rang
imdi
——–>{+_?!~$%^#^*)><
NZ
COMMENTS
{***}%{****%{}}*}}%%**%5262}**{{**}**}%%{**{%*
reuni
postanschrift
inspirErende
hornady
Kaufpreis
KAWAII
Perl
eprice
07120a35-5506-468b-902f-1b16a763999f
+++<<<———-//——–unqualified—–____///
626wk45o-6Bj6-44wh-2t06-9c420d105u0A
5rem
Joyeux
A380
Southwark
5250
myjob
Biblio
-*/-*/++**/-*11461*-/*-/*-+++-*
/<
—+–/=3D`-*//-Verywell%#//***-//–
"}
STATEMENTS
pastor
Boer
PRETENDE
mufg
*/*/–/*/*/-*-/*/-/*/*-++/*-*–*-+13264**-*-*-*–*+*-*-/*-*-/*/*/*-*-*-*-
incident
Agradeceremos
+++///****b14+++**///
appointment
FORMULA1
4258
28e3a5dd-8fb9-43a0-850c-4fac61cc3309
///""""###$$$'((%%%%instituts/"#$*%
selecting
DAC
deliciosas
frem
analisis
maille
altar
5452
employs
20news
Taipei
Advogada
348px
snapshot
mercredi
treasuries
https://www.snapchat.com/29589
https://www.snapchat.com/serait
https://www.snapchat.com/4223
https://www.snapchat.com/enewsletters
https://www.snapchat.com/footerimages

Anonymous
Anonymous
Spoof emails have become a big headache nowadays and can be a serious problem. In my personal email account alone, I receive all sorts of spoofs, that claim they are sent from legitimate companies such as Match.com, Ebay, Amazon, or Paypal. My spam filters are now working quite well, but even so, I recently received a very realistic-looking email from ‘Facebook’. In fact, the only reason I could tell this email was fake is that I originally signed up for Facebook with my university email address, and have since then changed my account to my work email (and not my personal email); thus there should be no reason for me to get email regarding my account on my personal address. What a headache!

Learning about spoofing and the Mailer-Daemon address was quite interesting and definitely taking steps to set up a filter in Horde is a solid piece of advice. And it was written very succinctly by someone who clearly had an idea of how this all works, which I appreciate. My fuzziness really lies in the explanation given in the beginning about what a spoof really was. The article did not provide enough information alone for me to be able to understand how it really worked, or why it was bad. I also wanted to know more about how spoofers get a hold of email addresses and if there are other ways to tell whether emails that say they are from specific places are not authentic.

Also, perhaps it is because I am starting out from only a basic understanding of what a spoof really is, but I did not get the gist of why anyone would do this. Are email addresses chosen at random to receive bunches of spam and it is just annoying, or are there viruses or phishing scams that might make these more dangerous to open? And is there any harm in clicking the links that such an email might contain? What about worms or other potential issues, and how might you go about protecting yourself should you have accidentally followed the email instructions without realizing? I would definitely like to be aware of these dangers, and I did not see that coming across to me within the article. As such, I ended up looking up the information for myself for a while, which took a long time. I would have appreciated some condensed information about that from the knowledgeable author of the article itself.

The fact that spoofing is becoming so popular now says a lot about the new waves of internet crime. Smart and savvy computer programmers now know that phishing is mostly filtered from popular email programs such as Yahoo!, Hotmail, or Gmail, so other ways of committing internet fraud. The best defense against these is to know about them and take preventative measures, and for those reasons I would say this article is useful and a great help for those who are trying to figure out how to use Horde.

Anonymous
Anonymous
Rather than having to deal with all this issues I prefer to use the Mail App from Google. I love Gmail and using this app for my domains is very hassle free. Even the spam filter is really good, and if it fails to detect spam I usually get saved by some random software that I find just by googleing “antivirus download free”…so Google helps me in this matter too 🙂

Anonymous
Anonymous
This is a pretty bad solution, MAILER-DAEMON email is for error reporting.

If a user puts this into place, if they accidently send an email to say a friend, and misspell the email address, they will never see the legitimate
email from mailer-daemon to notify them that they made a mistake.
Similarly, if the recipient has another error with their account, stopping delivery, the user sending the mail will never know their mail didn’t get thru …

alexc
alexc
True, if you have mailboxes setup. But note in our example that the domain has no user boxes setup, and the mail received at the root domain is simply taking up disk space.

But let’s say user mailboxes are in place. In that case you’ll want to install and configure spam filter software. If you’re in an open source Cpanel environment, you should have spam assassin at your disposal. Out of the box, it may not stop a lot of spam, but if you let it learn over time, or jump start it by importing a ruleset, it’s not a bad anti-spam solution.

Our recommendation, if you don’t have the time to mess with email setup and configuration, and to reduce the hassles of dealing with shared hosting server email issues (such as blacklisting) is to use Mailtrust. Contact us for promotions we can extend your way.

wpDiscuz

Send this to a friend