Spoofed Emails

Discussion forum for Enterprise Edition.
Nomad
Posts: 16
Joined: Thu Jan 11, 2018 5:35 pm

Spoofed Emails

Post by Nomad »

Good day, I have an interesting problem :shock: .

I am receiving emails that are sent from me to me, but I never sent them, and there are about 35 per day. Looking at the email envelope I see the following:

Received: from 10.214.167.54
by atlas109.aol.mail.gq1.yahoo.com with HTTPS; Wed, 6 Jul 2022 17:56:42 +0000
Received: from 209.85.221.54 (EHLO mail-wr1-f54.google.com)
by 10.214.167.54 with SMTPs
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256);
Wed, 06 Jul 2022 17:56:41 +0000
Received: by mail-wr1-f54.google.com with SMTP id v14so23127942wra.5
for <MY EMAIL ADDRESS>; Wed, 06 Jul 2022 10:56:41 -0700 (PDT)
Received: from aznavrchol.cz ([185.173.178.215]) by MY EMAIL SERVER with
MailEnable ESMTP; Wed, 6 Jul 2022 14:20:01 -0600
From: "Life Association" <MY EMAIL ADDRESS>
To: "MY NAME" <MY EMAIL ADDRESS>

We have our server configured to only allow Authenticated Users to send email. It has been checked to ensure that it is not an Open Relay, our passwords are extremely complex and are changed monthly. I changed my password yesterday and I am still getting these.

Also, I blocked this address yesterday "185.173.178.215" and our server is not blocking it. SMTP -> Blocked addresses.

Any insight as to how this can happen and/or what we should do to prevent this (from a server perspective)?

This has only recently (within the last week) started to happen.

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Spoofed Emails

Post by MailEnable-Ian »

Hi,

What you are experiencing is sender address spoofing. The first option to help prevent this is to enable the SMTP Security setting for "Address Spoofing" and set the option to "Authenticated senders can spoof the sender address".

Please see:


https://www.mailenable.com/documentation/10.0/Enterprise/SMTP_props_-Security.html
- Address Spoofing
Regards,

Ian Margarone
MailEnable Support
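
An added example, not part of either post and not MailEnable code: a Python check for the pattern visible in the headers quoted in the first post, where the From address is in the local domain but the local server accepted the message from an outside IP. The domain `example.com`, host `mail.example.com` and network `192.0.2.0/24` are placeholder assumptions, and the sample message is constructed from the quoted headers.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

# Assumptions (placeholders, not from the thread): the local domain, the
# MailEnable host name and the networks allowed to send as the local domain.
LOCAL_DOMAIN = "example.com"
LOCAL_SERVER = "mail.example.com"
TRUSTED_NETS = [ip_network("192.0.2.0/24")]

# Constructed sample modelled on the headers quoted in the first post.
SAMPLE = (
    "Received: from 209.85.221.54 (EHLO mail-wr1-f54.google.com)\n"
    " by 10.214.167.54 with SMTPs; Wed, 06 Jul 2022 17:56:41 +0000\n"
    "Received: from aznavrchol.cz ([185.173.178.215]) by mail.example.com with\n"
    " MailEnable ESMTP; Wed, 6 Jul 2022 14:20:01 -0600\n"
    'From: "Life Association" <user@example.com>\n'
    'To: "User" <user@example.com>\n'
    "\n"
    "body\n"
)

# Matches the "from HELO ([IP]) by HOST" form seen in the MailEnable hop.
HOP = re.compile(r"from\s+(\S+)\s+\(\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)", re.S)

def inbound_hop(msg):
    """Return (helo, ip) for the hop where LOCAL_SERVER accepted the message."""
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m and m.group(3).lower() == LOCAL_SERVER:
            return m.group(1), ip_address(m.group(2))
    return None

def is_spoofed_local_sender(raw):
    """True when From claims the local domain but the client IP is untrusted."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    if addr.rpartition("@")[2].lower() != LOCAL_DOMAIN:
        return False  # sender does not claim to be local
    hop = inbound_hop(msg)
    if hop is None:
        return False  # no hop recorded by our server; nothing to judge
    return not any(hop[1] in net for net in TRUSTED_NETS)

if __name__ == "__main__":
    print(is_spoofed_local_sender(SAMPLE))
```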

Nomad
Posts: 16
Joined: Thu Jan 11, 2018 5:35 pm

Re: Spoofed Emails

Post by Nomad »

Apologies for the late reply - holiday time.

Yes, we have that enabled (and always have). The other interesting thing is that we are blocking the RDL (in this case .RU, along with others). Further, we have disallowed the smtp servers for these particular emails, yet we are still getting them.

We have checked and rechecked every setting we can think of and yet these emails are still arriving in my inbox. An example of a blocked address (actually range), 37.221.*.* as well as all the addresses as reported by mxtoolbox (MX records).

As another series of steps, I changed my password once per day for the last three days (just to make sure) and still get these.
Any further suggestions would be greatly appreciated.
