Solved Spoofed Mails showing origin as my domain but different IP

December 1, 2014 at 02:30:21
Specs: Windows 7
I hope I am posting this question in the right forum. Please forgive me if I am mistaken.

I am managing a small domain, hosted on a third party's Linux server. IP is 50.97.99.6.

On my domain, one of the email addresses, say, abcd@efgh.com had been likely compromised and being used by a spoofer in Nigeria. I have deleted this mailbox but any bounced mails come to the Catch All account. His IP address is 41.138.168.39 issued by an ISP in Nigeria Visafone Communications Limited, and I have mailed them about their client sending fake mails showing our domain as the originator (but without our proper IP) - don't know how he does it.

What can I do to stop this guy? Where to report his fraudulent activity?

Appreciate any help. Thanks


See More: Spoofed Mails showing origin as my domain but different IP

Report •

#1
December 1, 2014 at 02:47:24
✔ Best Answer
I'm afraid there is nothing more that you can do if the ISP of the sender won't take action. It is trivial to forge the "From" address in an email. Just one of the joys of the Internet.

Report •

#2
December 1, 2014 at 07:25:30
The best way to deal with SPAM is to avoid it in the first place. Once a spammer has your email address there is little you can do. SPAM filters can help but there are many ways to evade them.

Spammers go to great lengths to hide their true identity and it is generally very effective. Th IP address you show may not be the source of the SPAM at all.


Report •

#3
March 11, 2015 at 17:16:41
Google the email address you mentioned. If you find it then so can the spammers, in which case change that email address and make sure the new one never appears undisguised on the internet.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

Related Solutions

#4
March 16, 2015 at 02:01:10
Thanks all for the input. I dealt with the problem in three ways:
a) Deleted the email account the spammer was using.
b) Wrote to the ISP in Nigeria and asked for their help. They very kindly stopped that guy.
c) In the cpanel for my domain, enabled SPF (Sender Policy Framework). Description:

SPF

The SPF system allows you to specify servers and IP addresses that are authorized to send mail from your domain(s). This feature works to prevent outgoing spam messages.
Status: Enabled & Active (DNS Check Passed)
Your current raw SPF record is : v=spf1 +a +mx +ip4:xx.xx.xx.x -all

(xx.xx.xx.x is my domain IP)

So, the problem appears to be solved now. Thanks for all the input.


Report •

#5
March 16, 2015 at 08:09:52
Thanks for the feedback.

Always pop back and let us know the outcome - thanks


Report •

Ask Question