Please check the message headers below.
It seems that the email came from “xyclient@clientdomain.com” to our user, but it actually came from the spammer domain “spam@spammerdomain.com”.
How can we stop this type of spoofed sender?
Message Headers:
X-Greylist: from auto-whitelisted by SQLgrey-1.8.0
Received: from p3plwbeout24-03.prod.phx3.secureserver.net (p3plsmtp24-03-2.prod.phx3.secureserver.net [6x.1xx.2x.8x])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by efa.mydomain.com (Postfix) with ESMTPS id 0F6D52004F
for <useryz@mydomain.com>; Fri, 28 Jun 2019 15:50:42 +0600 (+06)
Received: from p3plgemwbe24-04.prod.phx3.secureserver.net ([6x.1xx.2x.3x])
by :WBEOUT: with SMTP
id gnWghFKmZMm07gnWghn61N; Fri, 28 Jun 2019 02:50:38 -0700
x-spam-cmae: v=2.3 cv=bbYVr9HB c=1 sm=1 tr=0 p=7yxffpEq0gcA:10
a=dHfGxqcr9br9LRBXQET8+w==:117 a=t7-517cIfPgA:10 a=Z9wjynxBM7QA:10
a=IkcTkHD0fZMA:10 a=x7bEGLp0ZPQA:10 a=dq6fvYVFJ5YA:10
a=SMA2vAEImpSGY5B_weYA:9 a=WlGGN2qpwq85hS5d:21 a=_W_S_7VecoQA:10
a=QEXdDO2ut3YA:10
x-spam-account: spam@spammerdomain.com
x-spam-domain: spammerdomain.com
X-SID: gnWghFKmZMm07
Received: (qmail 25350 invoked by uid 99); 28 Jun 2019 09:50:38 -0000
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="utf-8"
X-Originating-IP: 19x.5x.xx.xx
User-Agent: Workspace Webmail 6.9.59
Message-Id: <20190628025035.cbcfdc71d348cb9306d4b61b9bb94be6.be5980cf9b.wbe@email24.godaddy.com>
From: "xy client" <xyclient@clientdomain.com>
X-Sender: spam@spammerdomain.com
Reply-To: "xy client" <clickup@dr.com>
To: useryz@mydomain.com
Subject: Re: Payment
Date: Fri, 28 Jun 2019 02:50:35 -0700
Mime-Version: 1.0
X-CMAE-Envelope: MS4wfMgXdrLYP1Rx09BE4S/a36ZF7wD+ZVqf+yXBskNkGhLoTaGTer+XxbrU9Hyvywxnc7OmbuXuY8pt9
gBI5vqDSVcGr2MT9/7uJ7Usqp94KBSSCFpij4zVqK74YWXmI21vOeO4U2+MQGWSJnnpEBiPHiXNw7TPelPuJjX39k9pJ4r87Tnx
kEy+Rp5DFHuMu5eC28b6KA==
From: spam@spammerdomain.com
To: useryz@mydomain.com
Subject: Re: Payment
Size: 3.64kB
Anti-Virus/Dangerous Content Protection
Virus: N
Blocked File: N
Other Infection: N
SpamAssassin
Spam: N Action(s): store, deliver, header, "X-Spam-Status:No",
High Score Spam: N
SpamAssassin Spam: N
Listed in RBL: N
SPAM Whitelisted: N
SPAM Blacklisted: N
SpamAssassin Autolearn: N
SpamAssassin Score: 4.10
Spam Report:
Score Matching Rule Description
0.80 BAYES_50
2.10 FREEMAIL_FORGED_REPLYTO
0.25 HEADER_FROM_DIFFERENT_DOMAINS
0.00 HTML_MESSAGE
1.00 KAM_LAZY_DOMAIN_SECURITY
0.10 MIME_HTML_ONLY
-0.00 RCVD_IN_DNSWL_NONE
0.00 SPF_HELO_NONE
0.00 SPF_NONE
-0.15 SQLGREY_WHITE
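
The mismatch in the headers above (visible From: on one domain; envelope sender, X-Sender and Reply-To on others) can be checked mechanically. This is an added example, not part of the original post and not EFA, MailWatch or SpamAssassin code; the function names are hypothetical, and the envelope sender is assumed to be supplied by the caller (the address MailWatch lists as From:).

```python
from email import message_from_string
from email.utils import parseaddr

# Header values copied from the post above, as anonymised by the poster.
SAMPLE = """\
From: "xy client" <xyclient@clientdomain.com>
X-Sender: spam@spammerdomain.com
Reply-To: "xy client" <clickup@dr.com>
To: useryz@mydomain.com
Subject: Re: Payment

body
"""

def domain_of(value):
    """Return the lower-cased domain of an address header value, or ''."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def sender_mismatches(raw_message, envelope_from):
    """List the sender identities whose domain differs from the visible From:.

    Domains are compared exactly; subdomain (organisational-domain)
    alignment is not handled in this example.
    """
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    if not from_dom:
        return ["missing or unparseable From: header"]
    checks = [
        ("envelope sender", envelope_from),
        ("X-Sender", msg.get("X-Sender")),
        ("Reply-To", msg.get("Reply-To")),
    ]
    findings = []
    for label, value in checks:
        dom = domain_of(value)
        # An absent header yields '' and is skipped rather than flagged.
        if dom and dom != from_dom:
            findings.append(f"{label} domain {dom} != From: domain {from_dom}")
    return findings

if __name__ == "__main__":
    for finding in sender_mismatches(SAMPLE, "spam@spammerdomain.com"):
        print(finding)
```

Mailing lists and third-party senders also produce mismatches like these, so the findings suit scoring or quarantine decisions better than outright rejection.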