Spoofing email sender

Post by musabr187 » 02 Jul 2019 10:14

Hi,

Please check the message headers below.
It seems that the email came from “xyclient@clientdomain.com” to our user, but it actually came from the spammer domain “spam@spammerdomain.com”.
How can we stop this type of spoofed sender?

Message Headers:
X-Greylist: from auto-whitelisted by SQLgrey-1.8.0

Received: from p3plwbeout24-03.prod.phx3.secureserver.net (p3plsmtp24-03-2.prod.phx3.secureserver.net [6x.1xx.2x.8x])

     (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
     (No client certificate requested)
     by efa.mydomain.com (Postfix) with ESMTPS id 0F6D52004F
     for <useryz@mydomain.com>; Fri, 28 Jun 2019 15:50:42 +0600 (+06)
     
Received: from p3plgemwbe24-04.prod.phx3.secureserver.net ([6x.1xx.2x.3x])

     by :WBEOUT: with SMTP
     id gnWghFKmZMm07gnWghn61N; Fri, 28 Jun 2019 02:50:38 -0700
x-spam-cmae: v=2.3 cv=bbYVr9HB c=1 sm=1 tr=0 p=7yxffpEq0gcA:10
a=dHfGxqcr9br9LRBXQET8+w==:117 a=t7-517cIfPgA:10 a=Z9wjynxBM7QA:10
a=IkcTkHD0fZMA:10 a=x7bEGLp0ZPQA:10 a=dq6fvYVFJ5YA:10
a=SMA2vAEImpSGY5B_weYA:9 a=WlGGN2qpwq85hS5d:21 a=_W_S_7VecoQA:10
a=QEXdDO2ut3YA:10

x-spam-account: spam@spammerdomain.com
x-spam-domain: spammerdomain.com

X-SID: gnWghFKmZMm07
Received: (qmail 25350 invoked by uid 99); 28 Jun 2019 09:50:38 -0000
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="utf-8"

X-Originating-IP: 19x.5x.xx.xx

User-Agent: Workspace Webmail 6.9.59
Message-Id: <20190628025035.cbcfdc71d348cb9306d4b61b9bb94be6.be5980cf9b.wbe@email24.godaddy.com>

From: "xy client" <xyclient@clientdomain.com>
X-Sender: spam@spammerdomain.com
Reply-To: "xy client" <clickup@dr.com>
To: useryz@mydomain.com

Subject: Re: Payment
Date: Fri, 28 Jun 2019 02:50:35 -0700
Mime-Version: 1.0
X-CMAE-Envelope: MS4wfMgXdrLYP1Rx09BE4S/a36ZF7wD+ZVqf+yXBskNkGhLoTaGTer+XxbrU9Hyvywxnc7OmbuXuY8pt9
gBI5vqDSVcGr2MT9/7uJ7Usqp94KBSSCFpij4zVqK74YWXmI21vOeO4U2+MQGWSJnnpEBiPHiXNw7TPelPuJjX39k9pJ4r87Tnx
kEy+Rp5DFHuMu5eC28b6KA==

From:  spam@spammerdomain.com
To:      useryz@mydomain.com
Subject:	Re: Payment
Size:	3.64kB

Anti-Virus/Dangerous Content Protection
Virus:		 N 
Blocked File:	 N 
Other Infection: N 
SpamAssassin
Spam:	 N   Action(s): store, deliver, header, "X-Spam-Status:No",
High Score Spam:	 	N 
SpamAssassin Spam:	 	N 
Listed in RBL:	 	 	N 
SPAM Whitelisted:	 	N 
SPAM Blacklisted:	 	N 
SpamAssassin Autolearn:	 N 
SpamAssassin Score:	4.10

Spam Report:	
Score	Matching Rule					Description
0.80		BAYES_50	 
2.10		FREEMAIL_FORGED_REPLYTO	 
0.25		HEADER_FROM_DIFFERENT_DOMAINS	 
0.00		HTML_MESSAGE	 
1.00		KAM_LAZY_DOMAIN_SECURITY	 
0.10		MIME_HTML_ONLY	 
-0.00	RCVD_IN_DNSWL_NONE	 
0.00		SPF_HELO_NONE	 
0.00		SPF_NONE	 
-0.15	SQLGREY_WHITE
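
An added example, not part of the original post or of the filter's own code: a Python check that flags the mismatch visible in the headers above, where the From: domain differs from the X-Sender, Reply-To and envelope sender domains. The function names are hypothetical, the sample is an excerpt of the posted headers, and treating the report's "From:" address as the envelope sender is an assumption.

```python
from email import message_from_string
from email.utils import parseaddr

# Excerpt of the headers posted above (only the fields the check reads).
SAMPLE = """\
From: "xy client" <xyclient@clientdomain.com>
X-Sender: spam@spammerdomain.com
Reply-To: "xy client" <clickup@dr.com>
To: useryz@mydomain.com
Subject: Re: Payment

"""


def domain_of(value):
    """Return the lower-cased domain of an address header, or None."""
    addr = parseaddr(value or "")[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else None


def spoof_findings(raw, envelope_from=None):
    """Compare the visible From: domain with the other sender identities.

    envelope_from is the SMTP MAIL FROM address (assumption: the caller
    takes it from the MTA or filter log, it is not in the header block).
    Domains are compared exactly, so legitimate mail sent through a
    subdomain or a third-party relay is also reported.
    """
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    if from_dom is None:
        return ["missing or unparsable From:"]
    checks = [
        ("X-Sender", domain_of(msg.get("X-Sender"))),
        ("Reply-To", domain_of(msg.get("Reply-To"))),
        ("envelope sender", domain_of(envelope_from)),
    ]
    return [
        f"{label} domain {dom} != From: domain {from_dom}"
        for label, dom in checks
        if dom and dom != from_dom
    ]


if __name__ == "__main__":
    for line in spoof_findings(SAMPLE, envelope_from="spam@spammerdomain.com"):
        print(line)
```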
