Preventing email spoofing

Email address forgery is a big problem – spammers send email using addresses at your domain. There is nothing one can do directly to stop it. But there are a few things one can do to mitigate the problem...

In your cPanel, have a look at the Authentication function in the Email category. This gives you the option to set up DKIM and SPF records in your domain's DNS. Both options are meant to indicate to the Internet where emails for your domain are supposed to originate from. If a spammer sends email from somewhere else using your email address, then mail servers should realise that it is a forgery and block it.

1) DKIM (DomainKeys Identified Mail)
For a description of DKIM and what it does, see the Wikipedia article. In short, DKIM announces to the Internet that the Anno server is the only valid mail sending server and provides a method to verify this.

To enable authentication via DKIM, simply enable the option in cPanel. Note: If you use other mail servers (e.g. your ISP's SMTP server) to send email in addition to the Anno server, then do NOT enable DKIM.

2) SPF (Sender Policy Framework)
For a description of SPF and what it does, see the Wikipedia article. In short, SPF announces to the Internet one or more valid mail sending servers for your domain.

You can simply enable the SPF authentication option in cPanel, but you will get the best results with some fine tuning:

  • Add IP addresses of all servers through which you send email. In most cases, the servers defined in the MX records are sufficient and you need not enter anything.
  • If you are sending email on your domain exclusively through the Anno server (as opposed to using your ISP's SMTP server), then enable the "All Entry" option. This is a major lock-down option that will cut out most of the forgeries.

3) DMARC (Domain-based Message Authentication, Reporting and Conformance)
If you feel adventurous... this is an advanced topic that will give you more control over spoofing. For a description of DMARC and what it does, see the Wikipedia article. With DMARC, you have a higher level of control over what happens to email sent (valid or spoofed) using your domain name. DMARC piggy-backs on DKIM and SPF authentication and adds the ability for the domain owner to specify what should happen to non-conforming emails.

To configure DMARC:
  • Choose an existing or (preferred) set up a new email address where you will receive DMARC reports.
  • Create a TXT record in your domain's DNS with the name _dmarc.yourdomain.com.
For help on the above:
  • See the Gmail instructions for the DMARC DNS entry.
  • Sign up for a service such as Dmarcian (basic free service is sufficient) to monitor your domain's DMARC performance. This is an invaluable tool helping you tweak and optimise your DMARC policy.
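
Once the SPF and DMARC records are published, it helps to check what they actually say. The script below is an added example, not part of the original article or of cPanel: it lints SPF and DMARC TXT record strings offline and flags the weak settings discussed above. The sample records, the 192.0.2.10 address and the reports mailbox are constructed, and it assumes the "All Entry" option produces an SPF record ending in -all.

```python
# Added example: lint SPF and DMARC TXT strings offline (no DNS lookups).
# All record values below are constructed samples; 192.0.2.10 is a documentation IP.
SPF_SOFT = "v=spf1 +a +mx +ip4:192.0.2.10 ~all"
SPF_STRICT = "v=spf1 +a +mx +ip4:192.0.2.10 -all"   # assumed result of "All Entry"
DMARC_MONITOR = "v=DMARC1; p=none"
DMARC_ENFORCED = "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@yourdomain.com"

def check_spf(record):
    """Return a list of findings for one SPF TXT record string."""
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record (must start with v=spf1)"]
    # Mechanisms are evaluated left to right, so the first 'all' decides.
    first_all = next((t for t in terms[1:] if t.lstrip("+-~?") == "all"), None)
    if first_all is None:
        if any(t.startswith("redirect=") for t in terms):
            return []  # policy is delegated to another domain's record
        return ["no 'all' term: unlisted servers get a neutral result"]
    if first_all in ("all", "+all"):
        return ["+all authorises every server on the Internet"]
    if first_all in ("~all", "?all"):
        return [first_all + " is not a hard fail; use -all once every sender is listed"]
    return []

def parse_tags(record):
    """Split 'tag=value; tag=value' into an ordered dict of lower-cased tags."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def check_dmarc(record):
    """Return a list of findings for the TXT record at _dmarc.<domain>."""
    tags = parse_tags(record)
    if next(iter(tags.items()), None) != ("v", "DMARC1"):
        return ["not a DMARC record (first tag must be v=DMARC1)"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= policy")
    elif policy == "none":
        findings.append("p=none requests no action on failing mail (monitoring only)")
    uris = [u.strip().lower() for u in tags.get("rua", "").split(",") if u.strip()]
    if not uris:
        findings.append("no rua= address: no aggregate reports will arrive")
    elif not all(u.startswith("mailto:") for u in uris):
        findings.append("rua= entries must be mailto: URIs")
    return findings
```

Paste the TXT values shown in your DNS zone editor into check_spf() and check_dmarc(); an empty list means none of these weaknesses were found.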

Note: Not all mail servers check these authentication settings and hence will not necessarily block forgeries. Major email service providers like Gmail do check and you will see an immediate improvement.
