How to Prevent Mail Spoofing on a cPanel Server

Email Spoofing
http://oregonstate.edu/

Mostly, abusive or irrelevant e-mails carry fake addresses, and many times, the real owners of the e-mail addresses suffer the consequences and receive abuse notifications. They may even be held liable for the nuisance caused by such spurious emails. Therefore, it is recommended to add an SPF record along with a DKIM to establish the identity of the message.

The screenshot shows an example of email spoof done using PayPal lookalike ID, deceiving the user, while the mail isn't really originating from PayPal.com or PayPal.co.uk in reality.

 

Setting up Domain Keys

Setting up "Domain Keys" can act as an authentication feature to ensure the genuineness of the incoming e-mail. It ensures that the e-mail has actually originated from the exact e-mail address, which it claims to be sent from. This is used as a "spoof identification" tool, thus helping users in the process of tracking down spam e-mails. Click on "enable" option to enable the DomainKeys and Disable to deactivate them.

Setting up the SPF

  • SPF forgets your domain's name as sender, thus preventing spammers to send e-mails. In this feature, the IP addresses are first added to a list. This authorizes only a specific set of computers to send e-mails from the domain name.
  • It also helps in ensuring that the received e-mails come from a listed sender.
  • Click ​"enable" to enable SPF and Disable to disable them.
  • DomainKeys and SPF alert that the e-mail has been received from the specified source and that it hasn't been spoofed.

    You can also add the following script to Exim's check recipient for authentication. {

    deny message = "Incorrect from address < $ {sender_address} >. Please use < $ {authenticated_id} > instead" authenticated = * ! condition = $ {if match_address { $ {sender_address} } { $authenticated_id } }

    Note: Please remove the white spaces — I had to deliberately add them because otherwise, they'd be executable code, and won't really get published as plain text on this web page.

    Advanced Settings in cPanel

    Advanced settings in cPanel offer different modes of improving the authentication process.

    Following are the common options available at your disposal:

    • Adding hosts to the current domain is automatically approved. They can be removed or added with the appropriate buttons.
    • The primary server IP is added to the list by default. You can also add additional IPs in the CIDR format.
    • Include list feature allows the addition of hosts to the specified list, in the SPF settings. This helps in sending e-mails from any other service.
    • Add MX Servers option helps in specifying the MX servers that can send an e-mail to the domain.
    • Overwrite Existing Entries option overwrites the existing SPF entries, when selected, and must be used very carefully

    So, make sure that you use the authentication feature, and ensure that nobody can send spoof emails through your domain name, and harm your online reputation due to sheer carelessness on your part. It not just helps in safeguarding the reputation of your brand, but also rules out the possibility of your domain getting flagged as spam originator in the eyes of search engines, which can otherwise be a disaster for your SEO and email marketing campaigns.