Email Hackers or Spoofers

/in /by

Email spam, we all get our share, and we all dislike (hate) them. Do these senders really think we want what they are selling after they rudely bombard us with their advertising?  What we often don’t realize is that the sending email address is often not the offender.  The process is called outbound spamming, and your very email address could be a victim.

If you have ever opened up your inbox and found a bunch of mail items from the Mail Delivery System with subjects something like “Undelivered Mail Returned to Sender” when you know you haven’t sent the email that was bounced; then you are probably a victim of outbound spam.  Making matters worse, there are probably a lot of people that did receive the spam emails thinking you are the offender.

When this occurs it’s generally a good indication that your email address is being maliciously used to distribute spam/malware to these addresses.  The two most common methods spammers us is to either “Spoof” your email address or outright compromising your account password.

Spoofing

Spoofing is when a spammer sends out emails using your email address in the “From:” field. The purpose is to make it appear that the message has originated from you, hoping to trick people into opening it. The good news – this can be rather easily defeated by creating a Sender Policy Framework (SPF) record on your server.  It is a little technical and may require someone familiar working with cPanels to help.

The SPF records allow you to specify exactly which servers are permitted to send/relay email messages using your domain; thus, preventing the real spammer from posing as you.

Compromised Accounts

A Compromised Account is when a hacker has gained access using the password to your email account and is now using it to send out their spam/malware messages. You can thwart the hacker by simply changing your email password to something more secure. This will prevent them from being able to login to send out email messages.

Raise Your Security Level

As much as we dislike spam and someone posing as us, we also dislike having to deal with passwords, specifically using and maintaining highly secure and unique passwords for every account we own.  So, most of us use the same passwords on everything.  To help with this issue, we suggest LastPass because it not only creates highly cryptic passwords, but then stores and manages them for easy retrieval whenever we are ready to login.  For more information on LastPass click here.

HOW TO: Creating a SPF record in cPanel (for Site5)

This instructions are for sites hosted with Site5.  If you have a different host (most likely) you should contact their support and ask for instructions  on creating an SPF record to protect against “Outbound Spamming / Spoofing”.  

To create a SPF record in cPanel, there is a built in utility to aide in the process.

1) Log into your cPanel and select Email Authentication.

2) You have options for DKIM & SPF. DKIM isn’t that widely supported at this time so it should not be used unless you really need it. Click Enable SPF

3) Upon clicking Enable SPF, it will  generate the record for you and display it for you. You do not need to save this and you can click Go Back

4) cPanel will now display the default SPF record for your domain. We will need to make one further adjustment. Select Add in the Include List (INCLUDE): section of your screen.

5) In the dialog box please enter: relays.webhost-mail.com and click OK

6) This will now see relays.webhost-mail.com in the Include List box. Click Update to save the changes.

Please Note: The “relays.webhost-mail.com” is the Site5 SMTP server relay service which is responsible for scanning outgoing mail messages for spam characteristics. This allows them to catch spammers in real time (almost) which helps keep their servers off of email blacklists. When a particular mail message is determined to be clean the SMTP Relay server will then attempt to send the message to its intended destination.  The relay listed in the SPF record simply means that you are allowing that server to send email on your domains behalf.

7) You record should now look like the following:

v=spf1 +a +mx +ip4:YOURDOMAINIP +include:relays.webhost-mail.com ~all