• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Question non-existence users can send email

R

rout3rx

Basic Pleskian
hello
as a picture bellow i my plesk mail server, [email protected] could send email to existence users!
how can i block ?
in the picture bellow user : 2221 is not valid but can send email!

tempsnip.png

please help.
thanks
 
I assume that most people who read this are afraid to answer with a simple: There is not way, it cannot be done. Because there will be some way for sure, but it is probably complicated enough that comes close to a "it cannot be done".

Basically, an email sender can place anything she wants into the from field. At least the visible part. It is also possible to send emails with forged senders in the invisible part, because when email was invented, the inventors did not take all the criminals into account who are prone to abuse the Internet for their nasty stuff by the millions each day.

If you are receiving the mails from a local account (one that is located on the same server), I suggest to ask the user to stop or to leave. If you are receiving such mails from an external source, I recommend to use SPF lookup in the general mail settings to block all incoming mails that have no SPF record in their domains or an SPF record that does not match the sender's IP address. This will block most of such forged mails.
 
Unfortunately that will block most non-forged mails too as very many senders still don't have a SPF and/or DKIM record.

And blocking just mails where SPF fails (when you have a SPF record yourself) still doesn't help against this kind of abuse: While it would seem that it should block external senders from sending mail that appear to be from your domain, to pass SPF, it is enough for the sender information in that invisible part Peter mentioned (the "smtp envelope") to be acceptable by another domain's SPF settings.
 
You must log in or register to reply here.

Similar threads

enerspace
Question Bounce emails end up in spam – DMARC triggered on local deliveries?
Replies
0
Views
535
enerspace
enerspace
R
Question DKIM signing password reset emails
Replies
2
Views
551
redactie_uvw
R
A
Question Mail spam in my inbox
Replies
1
Views
1K
nmdpa3
N
S
Question Sending emails to bounced addresses
Replies
2
Views
729
spg_nueve
S
B
Question Plesk email relay incoming emails to another server
Replies
1
Views
525
bit
B
Back
Top