Help with email spoofing

Mike White

I run my own domain using a Hosting Service.

My wife's email is getting spoofed with her email address my@mydns.com.

I contacted my hosting service and realized that there was no SPF record in my DNS. They said adding one would fix the problem so we added the following:

v=spf1 +a +mx +ip4:xxx.xxx.xxx.xxx +ip4:xxx.xxx.xxx.xxx -all

IP addresses of the hosting mail servers.

This was good and should have existed all along, because it validated incoming email sites and stopped lots of spam we were getting other than these spoofs, and maybe some of the spoofs also.

But we are still getting lots of spoofs, so I got serious about looking into the headers and noticed the following:

Return-Path: <contact@xxxx.com>

From:"xxxx.com" <my@mydns.com><person@xxxx.com>

This is one example that shows that the Return-Path: and From: headers don't match. I don't know the rules well yet, but I do know Return-Path: is used for replying. my@mydns.com is what my email client displays as the From address.

I run SpamAssassin at level 2, and there is an X- header that states the email passes because the From: my@mydns.com is in the whitelist, which must be automatic because that is the owner email address.

After getting back with my hosting service, they insist that the SPF record is the answer even when presented with continued spoofing as described.

I am looking for reasoning to give them that they are wrong, which is obvious, but I assume that reasons exist related to the greater good of other clients to not implement other measures for me. I have not had this problem before, so I am really just now learning the guts of this game. I wrote a Python script to extract these headers and analyze them. Any headers I should be looking at and the logic behind them would be appreciated.

Thanks in advance for your good insight and advice.
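
An added example, not part of the original post and not the poster's script: a Python check for the Return-Path:/From: mismatch shown in the quoted headers. SPF is evaluated against the envelope sender domain (recorded in Return-Path:), not against From:, so the code compares the two. The function names, finding labels and both sample messages are constructed for illustration.

```python
import email
import re

# Domain part of any addr-spec. A regex is used instead of
# email.utils.getaddresses because spoofed From: headers are often malformed.
ADDR_DOMAIN = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+)")

def domains(value):
    """Return the lower-cased domain of every address found in a header value."""
    return [d.lower().rstrip(".") for d in ADDR_DOMAIN.findall(value or "")]

def analyze(raw_message, own_domain):
    """Flag From:/Return-Path inconsistencies in one raw message."""
    msg = email.message_from_string(raw_message)
    from_domains = domains(msg.get("From"))
    envelope_domains = domains(msg.get("Return-Path"))
    findings = []
    if len(from_domains) > 1:
        findings.append("multiple-from-addresses")
    if not envelope_domains:
        findings.append("no-return-path")
    elif not set(from_domains) <= set(envelope_domains):
        # SPF validated the Return-Path domain only, so an SPF pass
        # says nothing about the address displayed from From:.
        # Exact-match comparison: subdomains are treated as different.
        findings.append("from-not-aligned-with-return-path")
    if own_domain in from_domains and own_domain not in envelope_domains:
        findings.append("own-domain-in-from-with-foreign-return-path")
    return {"from": from_domains, "return_path": envelope_domains,
            "findings": findings}

# Constructed sample modelled on the headers quoted in the post.
SPOOFED = (
    "Return-Path: <contact@xxxx.com>\n"
    'From: "xxxx.com" <my@mydns.com><person@xxxx.com>\n'
    "Subject: constructed sample\n\nbody\n"
)
# Constructed sample of a message really sent from the owner's domain.
LEGIT = (
    "Return-Path: <my@mydns.com>\n"
    "From: My Name <my@mydns.com>\n"
    "Subject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, analyze(raw, "mydns.com"))
```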