NickTheGreek

Self sent spam


Despite proper DKIM/SPF setup and appropriate SpamAssassin configuration, as well as cPanel > Mail section > Default Address set to "Current Setting: :fail: No Such User Here", I have a friend receiving self-sent emails that are obviously spam.

You would think this is common and easy to tackle, but ... you could not be more wrong than that!

https://forums.cpanel.net/threads/self-sent-spam.334831/

https://forums.cpanel.net/threads/spam-sent-to-self.608551/

 

https://luxsci.com/blog/save-yourself-from-yourself-stop-spam-from-your-own-address.html

 

So, what do we recommend?

The simplest way to take care of this situation is to:

  1. Use Email Filtering systems that treat SPF and DKIM properly, to stop this kind of spam.
  2. Make sure that any catch-all email aliases are turned off (the ones that accept all email to unknown/undefined addresses in your domain and deliver them to you anyway — these are giant spam traps).
  3. Make sure that your email address and your domain name are NOT on your own Spam Filter allow or white list(s).
  4. Make sure that, if you are using your address book as a source of addresses to allow, that your own address is NOT in there (or else don’t white list your address book).
  5. Add the Internet IP address(es) of the servers from which you do send email to your allow list, if possible.  Contact your email provider for assistance in obtaining this list and updating your filters with it.
  6. Add SPF to your domain’s DNS.   Make it strict (i.e. “-all”)
  7. Use DKIM.  Make it strict (i.e. “dkim=discardable”).  See our DKIM Generator.
  8. Set up DMARC to enable servers to properly handle SPF and DKIM failures.
  9. Consider using Authenticated Received Chain (ARC) once it is available to you.  It will provide further levels of validation to handle problems with SPF and DKIM.

If you want to go further, consider use of technologies such as PGP or S/MIME for cryptographic signing of individual messages and consider “closed” email systems … where only the participants can send messages to each other.
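
As an added example (not part of the original post or the LuxSci article), the following Python sketch shows how a filter can tell forged self-sent mail from genuine notes-to-self: it checks whether the header From is also a recipient and then trusts only the `dmarc=` result in an `Authentication-Results` header stamped by your own MX. The authserv-id `mx.example.net`, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.utils import getaddresses, parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: authserv-id stamped by your own MX

def auth_results(msg, trusted=TRUSTED_AUTHSERV):
    """Collect {method: result} from Authentication-Results headers our MX added."""
    results = {}
    for hdr in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in str(hdr).split(";")]
        if parts[0].split()[:1] != [trusted]:
            continue  # stamped by someone else, possibly the sender: ignore
        for part in parts[1:]:
            token = part.split()[0] if part else ""
            if "=" in token:
                method, result = token.split("=", 1)
                results.setdefault(method.lower(), result.lower())
    return results

def classify(raw, trusted=TRUSTED_AUTHSERV):
    """Label a message whose header From is also one of its recipients."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    rcpt_headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    rcpts = {addr.lower() for _, addr in getaddresses([str(h) for h in rcpt_headers])}
    if not sender or sender not in rcpts:
        return "not-self-addressed"
    # spf=pass alone proves nothing here: it covers the envelope sender, which a
    # spammer controls. Only an aligned result (dmarc=pass) vouches for From.
    if auth_results(msg, trusted).get("dmarc") == "pass":
        return "self-addressed-authenticated"
    return "self-addressed-unauthenticated"

# Constructed sample messages (not taken from the thread).
SPOOFED = (
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bulk.invalid;"
    " dkim=none; dmarc=fail header.from=example.com\n"
    "Authentication-Results: mx.sender.invalid; dmarc=pass header.from=example.com\n"
    "From: Alice <alice@example.com>\nTo: alice@example.com\nSubject: invoice\n\nbody\n"
)
GENUINE = (
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.com;"
    " dkim=pass header.d=example.com; dmarc=pass header.from=example.com\n"
    "From: alice@example.com\nTo: Alice <alice@example.com>\nSubject: note to self\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("GENUINE", GENUINE)):
        print(name, classify(raw))
```

The spoofed sample passes SPF for the sender's own envelope domain yet fails DMARC for `example.com`, which is why an SPF pass on its own does not stop this kind of mail.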

 

 
