Spoofing mails on the rise

mauzilla

Member
Joined
Jul 19, 2019
Messages
23
Reaction score
3
Location
Hibberdene, Kwazulu-Natal
Curious if any of the other hosts have noted over the last week or so that there are an increase in spoofing mails, specifically coming from webmail accounts. They try to tell a client that their password will reset or get them to enter their account information. We're warning clients against it but even SpamExperts seem to fail to block these.
 
Curious if any of the other hosts have noted over the last week or so that there are an increase in spoofing mails, specifically coming from webmail accounts. They try to tell a client that their password will reset or get them to enter their account information. We're warning clients against it but even SpamExperts seem to fail to block these.

Fake African Bank and Apple emails have been bombing the crap outta me this week, my work email and private
 
Are the emails routing via your spam gateway? - what do the headers say?
If so then contact flag those mails as spam...

If not then you need to ensure that SMTP auth is enabled for local delivery.
 
Did someone configure SpamExperts to block spoofing for you guys? Probably not going to do it by default.
 
Yup, their routed through Spam Experts then delivered to our server. It's blatant spam / spoofing yet SpamExperts releases them. I'm getting a little frustrated as their keep telling you to train the mails as spam, yet, 2 days later a different variant of the mail will land in your mailbox. Fortunately Google picks up on these quite fast so by the time the user clicks on a link they are warned in browser.

The ones today came from a Russian site, best is:

X-Sender-Warning: megaplan.l-start.ru has no MX records
X-Spampanel-Class: unsure
X-Spampanel-Evidence: Combined (0.84)
X-Recommended-Action: accept

The header recommendation is to accept the mail :|
 
Best coarse of action for now is to do what you have done and that is to educate your users / clients and keep adding to spam to train.

Try adding a rule to catch and block mails originating from .ru - this is not fool proof but may help.
 
Top
Sign up to the MyBroadband newsletter
X