
spoofing/spam email from our account

We have problems with our email account since NOVEMBER 2015.

Every couple of weeks spam emails are sent with our name and email address (I am guessing hundreds).

Every time I contacted GoDaddy there was a “different” story or suggestion.

It is a Mac Mail problem, I have a virus on my computer, I have a virus on my iPhone/iPad, there is nothing I can do, my keystrokes are tracked, change the password (I did countless times)...

 

We have antivirus and malware software on every single device (including alert/protection for keystroke tracking). Everything is clean.

I researched the topic online myself and asked for an SPF record to be set up/added. (It was not suggested by GoDaddy.)

 

Several weeks ago I was told that I should switch to an Office 365 Exchange account. It is more secure and I will not have any problems anymore. The person was surprised that nobody else had suggested that. I still had 2 spam attacks since then!

 

We have a business and it is very embarrassing that those emails are sent to our clients. It is damaging to our reputation.

We do have 2 other email accounts on our devices and never ever had once a problem.

 

I also noticed that my regular IMAP email is still running in the GoDaddy workspace.

All the emails I see in there look like junk mail.

Does that need to be canceled as we have the 365 running? Could this be a problem that the IMAP account is still on?


Re: spoofing/spam email from our account

Hey @davido,

 

Unfortunately email spoofing is often an external process and not an internal one (meaning that the spoofed emails do not come from your email server). Those who have bad intentions could write and send spoofed email from your email address or domain just by having your domain name. Typically these kinds of emails are sent in bulk from a server that the spoofer controls; the email address is forged, but the IP address of the computer/server sending the mail can be identified from the lines in the email header.

 

SSL/TLS is often used for server-to-server traffic allowing the acceptance of legitimately sent email but not all servers or services use SSL/TLS. Other solutions like SPF, DKIM or DMARC are also used but again not by every server. I don't remember where but I saw one poll that said up to half of emails have no form of domain authentication? Back when I was still working in corporate the sending of Non Delivery Reports fell out of favor because it meant that you would get 1000 spoofed messages in and send out 1000 bounce backs creating SPAM but from your legitimate IP and mail system. Most often now these spoofing emails are just collected but never seen.

 

There could be large quantities of spoofed emails coming from any domain; I have often seen legitimate website domains used to spoof because of the trust it provides. The real solution is to make it so that email systems do not accept spoofed emails, but that is easier said than done. Unfortunately there are tons of mainstream services that do not have proper spoofing protocols in place. Some spoofing could have an impact on your domain by getting you flagged as a spammer. There are often cases where a contact form is set up to send spoofed emails as confirmation.

 

Now reading that back I have offered no real solutions and I'm trying to think of some but... Even if you are using a system with high authentication protocols there is no guarantee that others who send/receive emails to/from you are. What I do is only offer client services that utilize proper protocols and send with the same, but I often get requests from perhaps legitimate clients that are not adequately authenticated. I guess I'm saying that I wish there was a solution? How about use as robust of an email service as you can? If your domain is a percentage harder to spoof than the next maybe the spoofer would just move on to the next? Educate clients on email and what a proper email from you looks like and help them choose a robust service. Unfortunately better email can get expensive and given some of the low/no cost alternatives it can be a hard sell. Hope that helps?

...turns out that my two cents is worth less or more depending on the current exchange rate.

roy darling *my posts seem a lot shorter in my head
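An added example, not part of the original posts: reading the sending IP and the SPF/DKIM/DMARC verdicts out of a suspicious message's headers, as the reply above describes. The sample message, the `triage` function and the `own_networks` value are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; hosts and addresses are reserved documentation values.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.10])
\tby store.recipient.example with ESMTP; Mon, 1 Feb 2016 10:00:02 +0000
Received: from bulk-host.invalid (unknown [203.0.113.77])
\tby mx.recipient.example with ESMTP; Mon, 1 Feb 2016 10:00:01 +0000
Authentication-Results: mx.recipient.example;
\tspf=fail smtp.mailfrom=example.com; dkim=none; dmarc=fail header.from=example.com
From: "Our Business" <info@example.com>
To: client@recipient.example
Subject: Invoice

Body text.
"""

HOP_RE = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f:.]+)\]\)")
VERDICT_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")

def triage(raw, own_networks):
    """Summarise where a message entered the recipient's system and how it authenticated."""
    msg = message_from_string(raw)
    # Received headers are prepended, so the last match is the earliest recorded hop.
    # Only headers written by the recipient's own servers can be trusted.
    hops = [m.groups() for h in msg.get_all("Received", []) if (m := HOP_RE.search(h))]
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for mechanism, verdict in VERDICT_RE.findall(header):
            verdicts.setdefault(mechanism, verdict)
    origin_ip = hops[-1][1] if hops else None
    ours = origin_ip is not None and any(
        ipaddress.ip_address(origin_ip) in ipaddress.ip_network(net) for net in own_networks
    )
    authenticated = "pass" in (verdicts.get("spf"), verdicts.get("dkim"))
    return {
        "from_domain": parseaddr(msg.get("From", ""))[1].rpartition("@")[2],
        "origin_ip": origin_ip,
        "verdicts": verdicts,
        "sent_by_us": ours,
        "likely_spoofed": not ours and not authenticated,
    }
```

Run it on the full headers of a message a client forwards back, with `own_networks` set to the ranges your mail provider actually sends from.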

Re: spoofing/spam email from our account

Hello David,

As RD stated, you can protect your domain using SPF, DKIM, and DMARC. I noticed that you stated that you use Office 365. A platform I am very familiar with. If you allowed your Office 365 Tenant to be set up by Microsoft, then your SPF record would look somewhat like this.

 

"v=spf1 include:spf.protection.outlook.com -all"

 

This helps larger Email Solutions/Filtering Solutions (Office 365, Google Apps, ProofPoint, etc.) to filter out emails which are not legitimate. However, having only an SPF record is not enough. Especially if you are using 3rd party tools and have an SPF record set to a Soft Fail.

 

If you haven't done so yet, I would recommend keeping your SPF record up to date, turning on DKIM for Office 365 and adding the 2 CNAME Records. Lastly creating a DMARC record for your domain.  

 

DKIM for Office 365 is great due to the fact that it signs your message before it leaves your Tenant. Which helps with SCL (Spam Confidence Level).

 

I hope this helps!

Dan

Your Pal,
Dan

Re: spoofing/spam email from our account

Hi,

Earlier we were facing the same issue and I would like to give you some notes to stop the spoofing.

  1. The SPF record should be updated in your domain DNS.
  2. You can configure a DMARC record as optional.
  3. All your end-user systems should have endpoint security installed (i.e. Symantec Endpoint Security), which can block network attacks as well as port scan attacks.
  4. Normal antivirus will not help you to stop the spoofing on your end-user systems.
  5. Keep all the system security updated and secured.
  6. Advise the user not to click links or open mail which is received as SPAM.
  7. If you are using only the webmail, you will not face any issue like spoofing.

Kindly do the above-mentioned steps and you will not face any issue like getting SPAM mail from your own domain.