Bristol Web Designer

Stop spoof emails immediately

Stop spoof emails immediately

Create a filter that will delete these messages

Posted: Mar 23, 2022

Create a filter that will delete messages based on predefined values in the email message header.

What is spoofing?

Spoofing refers to fraudulent e-mail activity in which the sender’s address and other sections of the e-mail header are altered to appear as though it originated from a different source.

How to stop spoof email, ie. spoofing?

There is no actual way to stop spoofing except to delete the messages as they arrive. To achieve this, you can create a filter that will delete messages based on predefined values in the email message header. In our case, we set the header to delete messages sent from the MAILER-DAEMON address.

What is a mailer-daemon address?

A mailer-daemon address is used to process bounce messages. In other words, messages that have not reached a recipient. A bounce message (or failed Delivery Status Notification (DSN) message) is an automated electronic mail message from a mail system informing the sender of another message about a delivery problem. The original message is said to have bounced. By filtering out and deleting all messages from the mailer-daemon on your server that processes these messages as they arrive, you should prevent your mailbox from filling up and potentially having your account suspended for going over your disk space quota.

I’m going to explain how to filter spoof messages in Horde, a common webmail utility used in the cPanel interface. A similar approach should be available to set filters in any server/ webmail environment.

How to filter and stop spoof emails in Horde (cPanel)

  1. Login to Webmail for your email account (ie. log into cPanel and click on the Webmail icon)
  2. Click on the filters icon towards the top of the screen.
  3. Select “New Rule”
  4. Name your rule something like “Stop Spoofs”
  5. Under For an incoming message that matches: select “All of the following”
  6. Under the “Select a field” drop-down, select “From”
  7. The next drop-down should have “Contains”
  8. In the field type your mailer-daemon email address (you can find this by examining the full message headers of one of your spoof emails – look for the value next to the “From” field).
  9. Under “Do this” select “Delete message completely”
  10. Select “Stop checking if this rule matches”
  11. Click the “Save” button

You can move the filter to the top of the filter list so that it is executed first (before any other filters).

Press the [Apply Filters] button to run the filter on your current inbox.

Hey, presto! 🙂 You should have halted the relentless onslaught of spoofed email messages. Any new spoof email messages that arrive will be immediately deleted.

NB. You can reverse this at any time by deleting the rule.

Written by

Leave a review

What our clients say about us See what our clients have to say

“Clarke Brothers Scaffolding have been working alongside Andrew Talbot Design for 10 Years, during this time we have had our website built and maintained to a high standard. Andrew Talbot also manages our domain name and emails. Any problems that we encounter are always dealt with speedily and efficiently.”

Richard Clarke – Clarke Bros

Google 5-star review

ANDREW TALBOT DESIGN

Bristol, UK

Send an email

0117 927 3300

GET IN TOUCH

For web design, web development, website hosting, website optimisation, copywriting, logos and graphic design

Get in touch