DonMB

Reputation: 2728

Spam mails Joe-Job via Amazon AWS

For a few days now, our internal email [email protected] seems to have gone bananas and sends out emails to all sorts of email addresses. Some of those emails bounce and we receive Mail Delivery Failed emails every minute.

Here is our setup:

I called the support at 1und1 and they told me to set an SPF record, which I did:

"v=spf1 a mx ~all"

after researching the topic via http://www.spf-record.de/

Unfortunately, this did not resolve the problem. Honestly, I am clueless now about what to do to prevent this random email sending.

Our account could have been hacked but the password was already changed.

Upvotes: 0

Views: 139

Answers (2)

Henry

Reputation: 3013

This happened to me before. I had a "refer a friend" feature on my website and someone used an automated script to send emails to a ton of people. My server wasn't compromised; it was just bad coding in the feature that I installed that allowed my mail server to send mail to different people on my behalf.

Since the email is coming from you, your SPF/DKIM will check out just fine.

So think about all the points on your website that can send email and see if any of them can be compromised.

Also, you'll want to do a blacklist scan. I use this service; it does more than 200+ blacklists: https://www.unlocktheinbox.com/blacklist/bl/

Make sure you scan both your domain name and IP address. But before you take any action to remove yourself, you should wait 24 hours until after you fix the exploit on your system. Requesting removal and popping up again can get you permanently listed.

Upvotes: 0

Mitesh Gangaramani

Reputation: 307

A compromise of any of your email accounts or scripts/code can cause outgoing spam emails. If outgoing emails are originating from a particular email account and you find a large outgoing email count from that particular email account, you should consider resetting the password of that email account immediately. Also, a compromised email-sending script/code can cause outgoing spam.

If the "From" email address on the spam email is none of your existing accounts, then the "From" email address is getting authenticated through one of your existing email accounts, for which you should inspect the SMTP logs of the mail server (you should have administrative access to the mail server).

The mail server IP address should not be blacklisted; please check the IP here: http://mxtoolbox.com/blacklists.aspx

If the IP address is blacklisted, you can request that the IP be whitelisted after you identify and fix the outgoing spam source, as an RBL keeps the IP address blacklisted until it finds the spamming activity has relaxed.

The SPF and PTR records should be correct so that the email recipient's server can trust the sender's mail server.

Bounce-back emails and spam email headers can help to identify the issue more precisely.

Upvotes: 1
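Both answers come down to one question: did the spam actually leave your mail server, or is your address only forged on mail sent from elsewhere (a joe-job)? The following added example, which is not part of either answer, reads the original headers embedded in a bounce and classifies the handoff IP. `OWN_SENDERS`, the host names and the sample bounce are constructed assumptions, and it assumes the bounce includes the original message or its headers.

```python
import email
import ipaddress
import re

# Assumption: public IPs your own mail server sends from (documentation range).
OWN_SENDERS = [ipaddress.ip_network("203.0.113.10/32")]
# Hops inside the recipient's network say nothing about where the mail came from.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def original_headers(bounce):
    """Return the bounced message (or just its headers) embedded in a bounce."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())
    return None

def handoff_ip(original):
    """First external IP in the Received chain, read top-down; headers below
    that hop were supplied by the sender and may be forged."""
    for received in original.get_all("Received", []):
        for text in BRACKETED_IP.findall(received):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue
            if not any(ip in net for net in INTERNAL):
                return ip
    return None

def classify_bounce(raw):
    original = original_headers(email.message_from_string(raw))
    ip = handoff_ip(original) if original is not None else None
    if ip is None:
        return "unknown"
    return "sent-by-us" if any(ip in n for n in OWN_SENDERS) else "forged-elsewhere"

def sample_bounce(relay_ip):  # constructed sample data, not a real bounce
    return "\n".join([
        "From: MAILER-DAEMON@mx.recipient.example",
        "Subject: Mail delivery failed", "MIME-Version: 1.0",
        'Content-Type: multipart/report; boundary="b"',
        "", "--b", "Content-Type: message/rfc822", "",
        f"Received: from x ([{relay_ip}]) by mx.recipient.example",
        "Received: from mail.example.com ([203.0.113.10]) by x",  # forgeable
        "From: info@example.com", "", "spam body", "--b--", ""])
```

A result of `sent-by-us` points to a compromised account or script on your side; `forged-elsewhere` means the bounces are backscatter from mail your server never handled.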
