Spoofing?

  • I have been receiving some spoofing from 1 specific email address which is the one connected with my contact form. My computer is clean, and my hosting told me this could be due to the contact form itself. I searched it online and apparently it is possible:
    https://stackoverflow.com/questions/44577709/my-website-contact-form-being-used-to-send-spoof-emails

    Could it be?
    Do you have any solutions?

    I changed email passwords many times, and when I did this I disabled most Chrome extensions (I thought they were stealing my psw from chrome extensions) and I don’t know where else to look for a solution.

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author WPKube

    (@wpkube)

    Hi @deon-b

    Can you forward one of those emails to skustrimovic at gmail com, seeing it should give me some idea as to what’s going on.

    Thread Starter Deon

    (@deon-b)

    Hi @wpkube
    I forwarded you an email just now. I copy pasted the headers on top and then below the headers you will see the forwarded email.

    Thank you very much for your help!

    Thread Starter Deon

    (@deon-b)

    I actually just received this:

    This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

 <code>skust*****</code> at gmail dot com
    host smtp.antispamcloud.com [38.109.53.37]
    SMTP error from remote mail server after end of data:
    550 Message contained spam content (antispamcloud.spam.malbtc90308)
Reporting-MTA: dns; txpro5.fcomet.com

Action: failed
Final-Recipient: rfc822; <code>skust*****</code> at gmail dot com
Status: 5.0.0
Remote-MTA: dns; smtp.antispamcloud.com
Diagnostic-Code: smtp; 550 Message contained spam content (antispamcloud.spam.malbtc90308)

    I just put the **** to protect your email, but it was your name.

    Thread Starter Deon

    (@deon-b)

    Hi,
    I sent you another email adding the headers as attachments but I still got an error message:

    Status: 5.0.0
    Remote-MTA: dns; smtp.antispamcloud.com
    Diagnostic-Code: smtp; 550 Message contained spam content (antispamcloud.spam.malbtc90308)

    Thread Starter Deon

    (@deon-b)

    I copy pasted the email headers into a .txt file and uploaded it them here:

    https://privfile.com/download.php?fid=62482d7a5beb2-MTI3OTg=

    I copy pasted the email content into a .txt file and uploaded it them here:

    https://privfile.com/download.php?fid=62482dbcd505d-MTI3OTk=

    Plugin Author WPKube

    (@wpkube)

    Hi @deon-b

    In the headers the mailer is shown as “Microsoft Office Outlook 11”. If it went through the contact form (our plugin) the mailer would be “Simple Basic Contact Form”

    So it’s simply someone using your email address as the “from” address in the email, that’s simple to do, but it would fail in spam checks and won’t be delivered to the recipient as a legitimate email. From what I see in the content you sent it was marked as spam, correct?

    Thread Starter Deon

    (@deon-b)

    Hello @wpkube
    If your hypothesis was correct, shouldn’t I see this subject in the emails:

    “Message sent from your contact form”

    This is the subject I see when someone fills a form on my website.

    About the “spam” flag, that is new. For months I didn’t see any spam flag, then I think I added some terms in the email filters and now they go to spam.

    Plugin Author WPKube

    (@wpkube)

    If it came from our plugin’s form you would see “Message sent from your contact form” but from what I saw in the data you sent the subject was “Pending for a payment.”

    Thread Starter Deon

    (@deon-b)

    So it’s simply someone using your email address as the “from” address in the email, that’s simple to do, but it would fail in spam checks and won’t be delivered to the recipient as a legitimate email.

    Yes I thought you meant that they entered my email address in the “from” address in the contact form.

    I thought you were saying they were using the contact form but entering my email as a “from”.

    So this is not what you’re saying, you mean someone can just use my email address from their “from” in Windows Outlook 11?

    Usually the “from” part is fixed, no?

    Plugin Author WPKube

    (@wpkube)

    Hi @deon-b

    The “From” in the contact form can’t be modified by a visitor (person who submits the form), that is fixed and set in the plugin settings in the admin panel.

    I meant in general it’s simple to use any email address as the “From” so someone can use your email address for that. Not specific to the contact form.

    The subject in the contact form is also fixed by default, unless you enable the functionality for the visitors to manually enter a subject. But you mentioned that you always get “Message sent from your contact form” which means you haven’t enabled that feature so the subject is fixed.

    As for “Windows Outlook 11”, it doesn’t mean that “Windows Outlook 11” was used, that value can be modified to say anything (so it can really be Windows Outlook but it can be anything else as well) BUT it can’t be modified in our contact form, we have that fixed to say “Simple Basic Contact Form”.

    So, it’s not coming from our form.

    But, you should contact your hosting provider about setting up: SPF, DKIM, DMARC

    They’ll know what it’s about.

    And if you want you can read more about it at higherlogic.com/blog/spf-dkim-dmarc-email-authentication/

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Spoofing?’ is closed to new replies.