Spoofing me@mydomain.com to me@mydomain.com but not from my IP.

Discussions on webmail and the Professional version.
Post Reply
oznog
Posts: 27
Joined: Tue Jun 15, 2010 11:38 am

Spoofing me@mydomain.com to me@mydomain.com but not from my IP.

Post by oznog » Tue Apr 02, 2019 4:26 pm

Hi,

I receive emails from me@mydomain.com to me@mydomain.com with an IP from another unauthorized server, 72.55.153.12 is not my IP and is not autorize on my server.

Here ==> mydomain.com: domain of sweetdreamshouse.com designates 72.55.153.12 as permitted sender FALSE !

Tx.
Last edited by oznog on Thu Apr 04, 2019 2:34 pm, edited 2 times in total.

MailEnable-Ian
Site Admin
Posts: 8951
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Spoofing me@mydomain.com to me@mydomain.com but not from my IP.

Post by MailEnable-Ian » Tue Apr 02, 2019 11:34 pm

Hi,

Do you have the SMTP security option for "Address Spoofing" set to "Authenticated senders can spoof the sender address" enabled?

https://www.mailenable.com/documentatio ... urity.html - Address Spoofing
Regards,

Ian Margarone
MailEnable Support

oznog
Posts: 27
Joined: Tue Jun 15, 2010 11:38 am

Re: Spoofing me@mydomain.com to me@mydomain.com but not from my IP.

Post by oznog » Wed Apr 03, 2019 2:16 am

Yes, but « Authenticated user can spoof sender addresses ».
Attachments
spoofing.jpg
spoofing.jpg (92.65 KiB) Viewed 3692 times
Last edited by oznog on Thu Apr 04, 2019 2:34 pm, edited 4 times in total.

MailEnable-Ian
Site Admin
Posts: 8951
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Spoofing me@mydomain.com to me@mydomain.com but not from my IP.

Post by MailEnable-Ian » Wed Apr 03, 2019 4:16 am

Hi,

Ok, the headers of the message indicate that the sender address used in the SMTP transaction is not spoofed. The SMTP transaction address is the reply-path address in the message headers which is <reservaciones@sweetdreamshouse.com> and therefore explains why its not being stopped by the address spoofing option since the address is not hosted locally on your server. The address spoofing option only works at the SMTP level not in the message FROM header.
Regards,

Ian Margarone
MailEnable Support

oznog
Posts: 27
Joined: Tue Jun 15, 2010 11:38 am

Re: Spoofing me@mydomain.com to me@mydomain.com but not from my IP.

Post by oznog » Wed Apr 03, 2019 7:08 am

Tx Ian you help me a lot to choose!

oznog
Posts: 27
Joined: Tue Jun 15, 2010 11:38 am

Re: Spoofing me@mydomain.com to me@mydomain.com but not from my IP.

Post by oznog » Fri May 17, 2019 11:58 am

After years I finally found a track, you have to use DMARC. But not only a DKIM and a DMARC policy!

In the DMARC "p=none" indicates to take no action (Domain Owner is not asking the Receiver to take action if a DMARC check fails.). It is also strongly recommended (and widely used) to avoid being blocked in the long term because of a configuration problem for example. But when you are sure that your configuration is perfect (see the DMARC reports), you can say "p=quarantine" or "p=reject" policy that requests more aggressive protective actions by receivers...

Again, CAUTION using "p=quarantine" or "p=reject", the consequences can be drastic!

https://dmarc.org/wiki/FAQ#Does_DMARC_. ... livered.3F

Tx.

Maranda
Posts: 21
Joined: Mon Dec 11, 2017 8:10 pm

Re: Spoofing me@mydomain.com to me@mydomain.com but not from my IP.

Post by Maranda » Sat May 18, 2019 6:37 am

oznog wrote:After years I finally found a track, you have to use DMARC. But not only a DKIM and a DMARC policy!

In the DMARC "p=none" indicates to take no action (Domain Owner is not asking the Receiver to take action if a DMARC check fails.). It is also strongly recommended (and widely used) to avoid being blocked in the long term because of a configuration problem for example. But when you are sure that your configuration is perfect (see the DMARC reports), you can say "p=quarantine" or "p=reject" policy that requests more aggressive protective actions by receivers...

Again, CAUTION using "p=quarantine" or "p=reject", the consequences can be drastic!

https://dmarc.org/wiki/FAQ#Does_DMARC_. ... livered.3F

Tx.
Too bad that MailEnable doesn't support DMARC yet causing that kind of spam to pass through.

Post Reply