I'm hoping the community can help me shed some light on a recent email spoof. Yesterday my client woke up to find hundreds of bounced failure notices.
The client did not personally send any of these emails. Each failure notice had a different reply-to address, e.g.:
xyxyxs@client-domain.co.uk
trg@client-domain.co.uk
hjd@client-domain.co.uk
The various reply-to addresses suggest that only the client's domain had been spoofed and not a specific email account (i.e. actual-email@client-domain.co.uk).
I know if your email account has been spoofed, it's game over and you need to create a new email address. However, a specific address hasn't been targeted. Am I correct in thinking that I do not need to delete and create a new email address? I also assume the domain would have been widely blacklisted? Should I move hosting companies and would this make a difference?
Either way, I'll be implementing DKIM.
Sorry for so many questions, I'm just a little lost as the spoofer didn't target a specific email address.
Thanks
Answer
If I understand correctly, a spammer sent email with a forged From header.
Unfortunately, this is easy to do, but it has no other consequence than annoyance. You therefore have nothing to do except secure your server with SPF and DKIM.
You speak about changing the hosting company. There is no need for that at all, nor even for changing the mail address, at least if I understand what happened to you.
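
A way to check the bounces themselves before concluding that only the domain was forged, as an added example that is not part of the original question or answer: it parses each failure notice, reads the embedded original headers, and counts how many claimed senders are real mailboxes and how many messages passed through the client's own server. The bounce text, `REAL_MAILBOXES`, `OWN_MAIL_IPS` and every IP address are constructed assumptions, as is the choice to read the sender from the embedded `From` header.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

DOMAIN = "client-domain.co.uk"        # domain named in the question
REAL_MAILBOXES = {"actual-email"}     # assumption: mailboxes that really exist
OWN_MAIL_IPS = {"203.0.113.10"}       # assumption: the client's outbound mail server

def make_bounce(sender, origin_ip):
    """Constructed, simplified bounce carrying the original message's headers."""
    return (
        "From: MAILER-DAEMON@mx.example.net\n"
        f"To: {sender}\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        'Content-Type: multipart/report; boundary="BOUND"\n'
        "\n--BOUND\nContent-Type: text/plain\n\nDelivery failed.\n"
        "--BOUND\nContent-Type: text/rfc822-headers\n\n"
        f"Received: from unknown (unknown [{origin_ip}]) by mx.example.net\n"
        f"From: {sender}\nSubject: hello\n\n--BOUND--\n"
    )

def triage(raw):
    """Return who the bounced message claimed to be from and where it came from."""
    msg = message_from_string(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "text/rfc822-headers":
            orig = message_from_string(part.get_content(), policy=policy.default)
            break
    else:
        return None  # bounce did not include the original headers
    addr = parseaddr(str(orig["From"]))[1].lower()
    local, _, dom = addr.partition("@")
    # Topmost Received line: the IP that handed the message to the bouncing server
    hop = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(orig.get("Received", "")))
    return {
        "claimed_sender": addr,
        "real_mailbox": dom == DOMAIN and local in REAL_MAILBOXES,
        "via_our_server": bool(hop) and hop.group(1) in OWN_MAIL_IPS,
    }

def summarise(bounces):
    """Count forged local parts and messages that really left our server."""
    rows = [r for r in map(triage, bounces) if r]
    return {
        "bounces": len(rows),
        "forged_local_parts": sum(not r["real_mailbox"] for r in rows),
        "via_our_server": sum(r["via_our_server"] for r in rows),
    }

SAMPLES = [make_bounce(f"{lp}@{DOMAIN}", "198.51.100.7") for lp in ("xyxyxs", "trg", "hjd")]
if __name__ == "__main__":
    print(summarise(SAMPLES))
```

A non-zero `via_our_server` count means mail really left the client's server and the account or host needs investigating; zero, with only made-up local parts, matches plain header forgery.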