cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Go to solution

Malicious emails are sent from email ID

Hello All,

 

I've domain, hosting, and professional email plans with Godaddy from past 2 years. From last 1 year, malicious emails (some include fake invoices demanding money) are automatically being sent from email IDs and i'm getting failure notices from some undelivered emails from "postmaster@xyzabc.com". I've changed my all passwords, put 2 factor authentication for Godaddy login, changed plesk passwords several times from different secure machines. But all in vein.

I tried calling Godaddy support service but they could not understand and solve the issue, everytime some new employee picks the call and suggest some edited solutions of changing DNS records, I've changed them lot many times but failed all the time.

 

I'm tired of it now and doubt if it's problem by Godaddy itself and they're promoting hacking and spreading malware inorder to promote their security business. I'm going to change my hosting and emails plan to some other service providers, and complain to consumer courts as well. Let me know if anyone is also here for the same.

 

 

7 REPLIES 7
Community Manager
Community Manager

Re: Malicious emails are sent from email ID

Hi @Businessman. Sorry to hear you're having trouble. It sounds like maybe you may be getting your domain spoofed. We do have a help article that explains how this can happen and steps you can take to prevent it. You can see that here. Sadly, this type of experience would not be exclusive to using GoDaddy for your email services. It can happen with any provider. 

 

JesseW - GoDaddy | Community Manager | 24/7 support available at x.co/247support | Remember to choose a solution and give kudos.

Re: Malicious emails are sent from email ID

Hello @JesseW,

 

Many virus infected and malicious files are being sent to my clients, as well as fraud invoices. I've already updated SPF records, changed DNS settings but still these emails aren't stopping. This way my email and domain will go in "BLACKLIST" and whatever emails I send will go to recipient SPAM box.

 

Are these emails are actually being sent from my email ID without knowing me? What are the future consequences of it? what if my client pays the invoice to fraudster? Is there anything else I can do to save my email ID, domain, and webpage?

 

Please find the sample mail I'm receiving:

 

This message was created automatically by mail delivery software. Your email message was not delivered as is to the intended recipients because malware was detected in one or more attachments included with it. All attachments were deleted.

--- Additional Information ---:

Subject: Invoice Number YID-L25073 from Mike xxx
Sender: michael.levis@I'mhidingdomainhere.com

Time received: 10/2/2018 4:12:21 PM
Message ID:<20160421465860817254.29C9D0BB09E10AFB@alfalaval.com>
Detections found:
YID-L25073.doc O97M/Powdow.PA

Community Manager
Community Manager

Re: Malicious emails are sent from email ID

@Businessman - The first thing to determine is where the messages are actually being sent from. Based on what you've said, I'm guessing the senders are using your domain. Because email can be sent using so many different email services (or even personal mail servers), it's not 100% possible to prevent someone else from using any domain when they send an email. Adding an SPF and other DNS records help, especially on the receiving end. Many reputable email providers will reject or flag delivered messages sent from a server not included in the domain's SPF record. However, if the sending email provider doesn't check for SPF records before messages are sent, not much can be done to prevent it from happening. I would suggest finding out where the email is originating if you can. It shouldn't be coming from GoDaddy, as we check SPF records before sending messages out. 

 

JesseW - GoDaddy | Community Manager | 24/7 support available at x.co/247support | Remember to choose a solution and give kudos.

Re: Malicious emails are sent from email ID

Hey @JesseW,

 

I'm a non-technical person, however, my coder has added all SPF records and changed passwords several times. I don't know from where these emails are originating. If we delete the email IDs itself and change it something different, will it stop? Say, instead of Michael.Levis@mydomain.com can we delete it and create a new one: michaellevis@mydomain.com?

 

Is that stop sending emails from my servers?

 

Or how can I completely eliminate it? I'm seriously tired and frightened by this.

Community Manager
Community Manager

Re: Malicious emails are sent from email ID

@Businessman Unfortunately, changing your email address would not prevent the senders from still sending from the same address. It might help your recipients know that the message is coming from someone else, but it could also just lead to further confusion. 

 

Think about it this way. Let's say someone wants to send a letter through the mail in your name instead of their own. It's possible that when they put the letter in their mailbox to send, the postman might notice it's the wrong name and suspect the letter. Also, if the recipient had a secretary that always checked the postal code letters were received from, they might notice the issue and see it wasn't legitimate. However, there wouldn't be much you would be able to do to stop this from happening unless you were to contact the postman (sending server) or the recipients and let them know about the issue. 

 

JesseW - GoDaddy | Community Manager | 24/7 support available at x.co/247support | Remember to choose a solution and give kudos.

Re: Malicious emails are sent from email ID

@JesseW

 

I understand your point, but what is the solution to it now? I've changed SPF, DNS settings, changed passwords, installed Malwarebytes, and Anti-viruses. I deal with thousands of clients everyday and all their contacts are saved in my Address-book. I can't ask them that I'm a victim of mail spoofing, that will destroy my credibility and people won't trust me anymore in the competitive market. Because, everyday I send 1000s of emails to prospects for the first time, in first instance only I can't ask them to trust me.

 

PLEASE SUGGEST SOMETHING, HELP

Community Manager
Community Manager
Solution

Re: Malicious emails are sent from email ID

@Businessman - If it were me, the first thing I'd try to do is figure out where the emails are being sent from. If you can find the service provider that is allowing the messages to send, you can then submit an abuse report to them to ask them to prevent the messages from going out. It's ultimately up to the sending provider to enforce sending rules. If that doesn't help, then you can try to report the provider to other authorities. 

 

The rejection notices you're receiving may include the header information from the email that is being sent. You can try to use that information to find the sending server/IP. Also, I just wanted to underline that the example you provided above is a rejection notice. This means that what you have in place is actually working, at least in the case of that message. 

 

JesseW - GoDaddy | Community Manager | 24/7 support available at x.co/247support | Remember to choose a solution and give kudos.