Hi,
I receive emails from me@mydomain.com to me@mydomain.com with an IP from another unauthorized server, 72.55.153.12 is not my IP and is not autorize on my server.
Here ==> mydomain.com: domain of sweetdreamshouse.com designates 72.55.153.12 as permitted sender FALSE !
Tx.
Spoofing me@mydomain.com to me@mydomain.com but not from my IP.
Spoofing me@mydomain.com to me@mydomain.com but not from my IP.
Last edited by oznog on Thu Apr 04, 2019 2:34 pm, edited 2 times in total.
-
- Site Admin
- Posts: 9738
- Joined: Mon Mar 22, 2004 4:44 am
- Location: Melbourne, Victoria, Australia
Re: Spoofing me@mydomain.com to me@mydomain.com but not from my IP.
Hi,
Do you have the SMTP security option for "Address Spoofing" set to "Authenticated senders can spoof the sender address" enabled?
https://www.mailenable.com/documentatio ... urity.html - Address Spoofing
Do you have the SMTP security option for "Address Spoofing" set to "Authenticated senders can spoof the sender address" enabled?
https://www.mailenable.com/documentatio ... urity.html - Address Spoofing
Regards,
Ian Margarone
MailEnable Support
Ian Margarone
MailEnable Support
Re: Spoofing me@mydomain.com to me@mydomain.com but not from my IP.
Yes, but « Authenticated user can spoof sender addresses ».
- Attachments
-
- spoofing.jpg (92.65 KiB) Viewed 19684 times
Last edited by oznog on Thu Apr 04, 2019 2:34 pm, edited 4 times in total.
-
- Site Admin
- Posts: 9738
- Joined: Mon Mar 22, 2004 4:44 am
- Location: Melbourne, Victoria, Australia
Re: Spoofing me@mydomain.com to me@mydomain.com but not from my IP.
Hi,
Ok, the headers of the message indicate that the sender address used in the SMTP transaction is not spoofed. The SMTP transaction address is the reply-path address in the message headers which is <reservaciones@sweetdreamshouse.com> and therefore explains why its not being stopped by the address spoofing option since the address is not hosted locally on your server. The address spoofing option only works at the SMTP level not in the message FROM header.
Ok, the headers of the message indicate that the sender address used in the SMTP transaction is not spoofed. The SMTP transaction address is the reply-path address in the message headers which is <reservaciones@sweetdreamshouse.com> and therefore explains why its not being stopped by the address spoofing option since the address is not hosted locally on your server. The address spoofing option only works at the SMTP level not in the message FROM header.
Regards,
Ian Margarone
MailEnable Support
Ian Margarone
MailEnable Support
Re: Spoofing me@mydomain.com to me@mydomain.com but not from my IP.
Tx Ian you help me a lot to choose!
Re: Spoofing me@mydomain.com to me@mydomain.com but not from my IP.
After years I finally found a track, you have to use DMARC. But not only a DKIM and a DMARC policy!
In the DMARC "p=none" indicates to take no action (Domain Owner is not asking the Receiver to take action if a DMARC check fails.). It is also strongly recommended (and widely used) to avoid being blocked in the long term because of a configuration problem for example. But when you are sure that your configuration is perfect (see the DMARC reports), you can say "p=quarantine" or "p=reject" policy that requests more aggressive protective actions by receivers...
Again, CAUTION using "p=quarantine" or "p=reject", the consequences can be drastic!
https://dmarc.org/wiki/FAQ#Does_DMARC_. ... livered.3F
Tx.
In the DMARC "p=none" indicates to take no action (Domain Owner is not asking the Receiver to take action if a DMARC check fails.). It is also strongly recommended (and widely used) to avoid being blocked in the long term because of a configuration problem for example. But when you are sure that your configuration is perfect (see the DMARC reports), you can say "p=quarantine" or "p=reject" policy that requests more aggressive protective actions by receivers...
Again, CAUTION using "p=quarantine" or "p=reject", the consequences can be drastic!
https://dmarc.org/wiki/FAQ#Does_DMARC_. ... livered.3F
Tx.
Re: Spoofing me@mydomain.com to me@mydomain.com but not from my IP.
Too bad that MailEnable doesn't support DMARC yet causing that kind of spam to pass through.oznog wrote:After years I finally found a track, you have to use DMARC. But not only a DKIM and a DMARC policy!
In the DMARC "p=none" indicates to take no action (Domain Owner is not asking the Receiver to take action if a DMARC check fails.). It is also strongly recommended (and widely used) to avoid being blocked in the long term because of a configuration problem for example. But when you are sure that your configuration is perfect (see the DMARC reports), you can say "p=quarantine" or "p=reject" policy that requests more aggressive protective actions by receivers...
Again, CAUTION using "p=quarantine" or "p=reject", the consequences can be drastic!
https://dmarc.org/wiki/FAQ#Does_DMARC_. ... livered.3F
Tx.