How to Prevent Mail Spoofing on a cPanel Server

Email Spoofing screenshot

Mostly, abusive or irrelevant e-mails carry fake addresses, and many times, the real owners of the e-mail addresses suffer the consequences and receive abuse notifications. They may even be held liable for the nuisance caused by such spurious emails. Therefore, it is recommended to add an SPF record along with a DKIM to establish the identity of the message.

The screenshot shows an example of email spoof done using PayPal lookalike ID, deceiving the user, while the mail isn't really originating from or in reality. 

Setting up Domain Keys

Setting up "Domain Keys" can act as an authentication feature to ensure the genuineness of the incoming e-mail. It ensures that the e-mail has actually originated from the exact e-mail address, which it claims to be sent from. This is used as a "spoof identification" tool, thus helping users in the process of tracking down spam e-mails. Click on "enable" option to enable the DomainKeys and Disable to deactivate them.

Setting up the SPF

  • SPF forgets your domain's name as sender, thus preventing spammers to send e-mails. In this feature, the IP addresses are first added to a list. This authorizes only a specific set of computers to send e-mails from the domain name.
  • It also helps in ensuring that the received e-mails come from a listed sender.
  • Click ​"enable" to enable SPF and Disable to disable them.
  • DomainKeys and SPF alert that the e-mail has been received from the specified source and that it hasn't been spoofed.

You can also add the following script to Exim's check recipient for authentication.(Remove white spaces when you try this.)

{ deny message = "Incorrect from address < $ {sender_address} >. Please use < $ {authenticated_id} > instead" authenticated = * ! condition = $ {if match_address { $ {sender_address} } { $authenticated_id } }

Advanced Settings in cPanel

Advanced settings in cPanel offer different modes of improving the authentication process.

Following are the common options available at your disposal:

  • Adding hosts to the current domain is automatically approved. They can be removed or added with the appropriate buttons.
  • The primary server IP is added to the list by default. You can also add additional IPs in the CIDR format.
  • Include list feature allows the addition of hosts to the specified list, in the SPF settings. This helps in sending e-mails from any other service.
  • Add MX Servers option helps in specifying the MX servers that can send an e-mail to the domain.
  • Overwrite Existing Entries option overwrites the existing SPF entries, when selected, and must be used very carefully

So, make sure that you use the authentication feature, and ensure that nobody can send spoof emails through your domain name, and harm your online reputation due to sheer carelessness on your part. It not just helps in safeguarding the reputation of your brand, but also rules out the possibility of your domain getting flagged as spam originator in the eyes of search engines, which can otherwise be a disaster for your SEO and email marketing campaigns.