Monday, February 22, 2016

Should I move servers and change email address after email spoofing?





I'm hoping the community can help me shed some light on a recent email spoof. Yesterday my client woke up to find hundreds of bounced failure notices.



The client did not personally send any of these emails. Each failure notice had a different reply-to address i.e.



xyxyxs@client-domain.co.uk
trg@client-domain.co.uk
hjd@client-domain.co.uk



The various reply-to addresses suggest that only the client's domain had been spoofed and not a specific email account (i.e. actual-email@client-domain.co.uk).



I know if your email account has been spoofed, it's game over and you need to create a new email address. However, a specific address hasn't been targeted. Am I correct in thinking that I do not need to delete and create a new email address? I also assume the domain would have been widely blacklisted? Should I move hosting companies and would this make a difference?



Either way, I'll be implementing DKIM.



Sorry for so many questions, I'm just a little lost as the spoofer didn't target a specific email address.




Thanks


Answer



If I understand correctly, a spammer sent email with a forged From header.



Unfortunately, this is easy to do, but it has no other consequence but annoyance. You therefore have nothing to do except secure your server with SPF and DKIM.



You speak about changing the hosting company. There is no need at all, not even for changing the mail address, at least if I understand what happened to you.
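
To confirm from the bounces themselves that the mail was forged elsewhere rather than sent through the client's own server, the originating IP in each returned message can be compared with the addresses the domain's SPF record authorizes. The following is an added example, not part of the original answer; the SPF record, the IP ranges, the host names and the bounce text are all constructed, only `ip4:` mechanisms are evaluated, and the topmost Received header is assumed to be the one written by the server that generated the bounce.

```python
import email
import ipaddress
import re

# Constructed SPF record; 192.0.2.0/24 stands in for the host's outbound mail servers.
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 -all"

# Constructed bounce (DSN) whose last part returns the original message headers.
BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: trg@client-domain.co.uk
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

User unknown.
--b1
Content-Type: text/rfc822-headers

Received: from unknown (HELO pc) ([203.0.113.77])
 by mx.example.net with SMTP; Sun, 21 Feb 2016 03:12:45 +0000
From: trg@client-domain.co.uk
Subject: constructed sample
--b1--
"""

def spf_networks(record):
    """ip4 networks the record authorizes (other mechanisms are ignored here)."""
    return [ipaddress.ip_network(t[4:], strict=False)
            for t in record.split() if t.startswith("ip4:")]

def originating_ip(bounce_text):
    """Client IP logged by the bouncing server in the returned message's top Received header."""
    for part in email.message_from_string(bounce_text).walk():
        if part.get_content_type() in ("text/rfc822-headers", "message/rfc822"):
            body = part.get_payload()
            inner = body[0] if isinstance(body, list) else email.message_from_string(body)
            m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", inner.get("Received", ""))
            return ipaddress.ip_address(m.group(1)) if m else None
    return None

def classify(bounce_text, record=SPF_RECORD):
    """Did the bounced message leave our own servers, or was the From forged elsewhere?"""
    ip = originating_ip(bounce_text)
    if ip is None:
        return "unknown"
    in_spf = any(ip in net for net in spf_networks(record))
    return "sent-from-our-servers" if in_spf else "forged-elsewhere"
```

A result of `sent-from-our-servers` on any bounce would mean the mail really did pass through the domain's own infrastructure, which is a different situation from the forged-header case the answer describes.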

