Help with email spoofing

Discussion in 'Help Desk' started by Mike White, Jan 9, 2018.

  1. Mike White

    Mike White New Email

    Jan 9, 2018
    Likes Received:
    I run my own domain using a Hosting Service.

    My wife's email is getting spoofed with her email address

    I contacted my hosting service and realized that there was no SPF record in my DNS. They said adding one would fix the problem so we added the following:

    v=spf1 +a +mx -all

    ip addresses of the hosting mail servers.

    This was good and should have existed all along because it validated incoming email sites and stopped lots of spam we were getting other than these spoofs maybe some of the spoofs also.

    But still getting lots of spoofs, so I got serious about looking into the headers and noticed the following:

    Return-Path: <>

    From:"" <><>

    This is one example that shows that the Return-Path: and From: headers don't match. Don't know the rules well yet but do know Return-Path: is used for Replying. is what my email client displays as the From Address.

    I run Spam Assassin at level 2 and there is a X- header that states the email passes because the From: is in the white list with must be automatic because that is the owner email address.

    After getting back with my hosting service they insist that the SPF record is the answer even when presented with continued spoofing as described.

    I am looking for reasoning to give them that they are wrong, which is obvious but I assume that reasons exist related to the greater good of other clients to not implement other measures for me. I have not had this problem before so I am really just now learning the guts of this game. I wrote a Python script to extract these headers and analyze them. Any headers I should be looking at and the logic behind them would be appreciated.

    Thanks in advance for you good insight and advice.

Want to reply or ask your own question?

It only takes a minute to sign up (and it's free!). Click the orange sign up button to choose a username and then you can ask your own questions on the forum.