Spam mails Joe-Job via Amazon AWS - email

Since a few days ago, our internal email address info#ourdomain.com seems to have gone bananas and sends out emails to all sorts of email addresses. Some of those emails bounce and we receive Mail Delivery Failed emails every minute.
Here is our setup:
Domain hosted at Germany's 1und1 provider
Nameserver configured on Amazon Route 53
MX server mx01.kundenserver.de and mx00.kundenserver.de
Rails application hosted on heroku
I called the support at 1und1 and they told me to set an SPF record, which I did:
"v=spf1 a mx ~all"
after researching the topic via http://www.spf-record.de/.
Unfortunately this did not resolve the problem.
Honestly, I am clueless now about what to do to prevent this random email sending.
Our account could have been hacked but the password was already changed.

A compromise of any of your email accounts or of a script/code can cause outgoing spam emails. If the outgoing emails originate from a particular email account and you find a large volume of outgoing email from that account, you should reset the password of that email account immediately. Also, a compromised email-sending script/code can cause outgoing spam.
If the "From" email address on the spam email is none of your existing accounts, then that "From" address is being authenticated by one of your existing email accounts, for which you should inspect the SMTP logs of the mail server (you should have administrative access to the mail server).
The mail server IP address should not be blacklisted; please check the IP here: http://mxtoolbox.com/blacklists.aspx
If the IP address is blacklisted, you can request IP whitelisting after you identify and fix the outgoing spam source, as RBLs keep the IP address blacklisted until they find the spamming activity has subsided.
SPF and PTR records should be correct so that the recipient's email server can trust the sending mail server.
The bounce-back email and the spam email's headers can help to identify the issue more precisely.

This happened to me before. I had a "refer a friend" feature on my website and someone used an automated script to send emails to a ton of people. My server wasn't compromised; it was just bad coding in the feature I installed that allowed my mail server to send mail to different people on my behalf.
Since the email is coming from you, your SPF/DKIM will check out just fine.
So think about all the points on your website that can send email and see if any of them can be compromised.
Also you'll want to do a blacklist scan. I use this service; it checks more than 200 blacklists: https://www.unlocktheinbox.com/blacklist/bl/
Make sure you scan both your domain name and IP address. But before you take any action to remove yourself, you should wait until 24 hours after you fix the exploit on your system. Requesting removal and popping up again can get you permanently listed.
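As an added example (not code from the thread): a small evaluator for the SPF record the asker published, run against a constructed zone that stands in for their domain and MX hosts. It shows why "~all" only yields softfail for an unknown sender, and why mail that really leaves the domain's own host (a compromised account or an abused web form) passes SPF regardless; the "strict.example" record with "-all" is a hypothetical comparison.

```python
import ipaddress

# Constructed zone standing in for the asker's setup; addresses are documentation ranges, not real hosts.
ZONE = {
    ("ourdomain.com", "TXT"): ["v=spf1 a mx ~all"],
    ("ourdomain.com", "A"): ["203.0.113.10"],
    ("ourdomain.com", "MX"): ["mx00.kundenserver.de", "mx01.kundenserver.de"],
    ("mx00.kundenserver.de", "A"): ["198.51.100.20"],
    ("mx01.kundenserver.de", "A"): ["198.51.100.21"],
    ("strict.example", "TXT"): ["v=spf1 mx ip4:192.0.2.0/24 -all"],  # hypothetical hard-fail record
    ("strict.example", "MX"): ["mx00.kundenserver.de"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype):
    """Stand-in for a DNS query against the constructed zone."""
    return ZONE.get((name.lower().rstrip("."), rtype), [])

def check_spf(domain, sender_ip):
    """Evaluate the a, mx, ip4, ip6 and all mechanisms of RFC 7208 for one sending IP.
    include:, redirect= and CIDR suffixes on a/mx are out of scope here and yield permerror."""
    records = [r for r in lookup(domain, "TXT") if r.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"          # no SPF policy published at all
    ip = ipaddress.ip_address(sender_ip)
    for term in records[0].split()[1:]:
        qualifier = "+"        # a matching mechanism defaults to "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.lower().partition(":")
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = str(ip) in lookup(arg or domain, "A")
        elif mech == "mx":
            matched = any(str(ip) in lookup(mx, "A") for mx in lookup(arg or domain, "MX"))
        else:
            return "permerror"
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"           # record ended without an explicit "all"
```

A receiver normally treats softfail as a hint that feeds spam scoring, not as grounds to reject, so "~all" alone will not stop the bounces; finding the abused account or form will.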

Related

sending an email to GitHub no-reply email ID

I was looking for the email addresses of a few profiles on GitHub and came across the no-reply email IDs. I know that these email IDs are created to keep our personal email private, but I was wondering what happens if we mail that no-reply address. I tried to mail my own one with my friend's email account and didn't receive any error, nor did I receive the mail in my inbox. So what happened to that mail?
If you try to send mail to that domain, it will be returned as undeliverable.
In order to send mail to a domain, that domain must have either one or more MX records that provide the names of hosts to which mail can be delivered, or one or more A or AAAA records pointing to hosts which have a mail server running. In this case, users.noreply.github.com has no MX records, and it is a CNAME for github.github.io, which points to hosts which do not run a mail server.
When you attempt to send a mail to a server and it can't be delivered immediately, it is usually queued by your mail server, and if it remains undeliverable after some time (by default five days), it will bounce. Normally, you will receive a bounce message from your mail server indicating that the mail wasn't able to be delivered.
The point of those addresses is to allow users to attribute their commits to the correct account without having to receive emails. It wouldn't be very useful to prevent people from sending spam (or, in some cases, hostile or abusive emails) if the addresses weren't totally undeliverable.
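As an added example (not code from the answer): the MX, implicit-MX and CNAME logic described above, run over constructed records that mirror the answer's description, plus the RFC 7505 null MX case, which the answer does not cover. The set of hosts "listening on port 25" is likewise constructed to stand in for a real connection attempt.

```python
# Constructed records mirroring the answer's description; addresses are documentation ranges, not live DNS.
RECORDS = {
    ("users.noreply.github.com", "CNAME"): ["github.github.io"],
    ("github.github.io", "A"): ["192.0.2.7"],            # web host, nothing listening on port 25
    ("example.org", "MX"): [(10, "mx1.example.org"), (20, "mx2.example.org")],
    ("mx1.example.org", "A"): ["198.51.100.5"],
    ("mx2.example.org", "AAAA"): ["2001:db8::5"],
    ("nomail.example", "MX"): [(0, ".")],                # RFC 7505 null MX: "this domain takes no mail"
}
LISTENING_ON_25 = {"198.51.100.5", "2001:db8::5"}       # constructed: hosts that actually run an MTA

def resolve(name, rtype, hops=0):
    """Look up rtype for name, following CNAME chains (bounded so a loop cannot recurse forever)."""
    name = name.lower().rstrip(".")
    if hops > 8:
        return []
    target = RECORDS.get((name, "CNAME"))
    if target:
        return resolve(target[0], rtype, hops + 1)
    return RECORDS.get((name, rtype), [])

def mail_hosts(domain):
    """Hosts an MTA would try, in MX preference order (RFC 5321 section 5.1); [] means none."""
    mx = resolve(domain, "MX")
    if mx:
        if len(mx) == 1 and mx[0][1] == ".":
            return []                       # null MX: the domain explicitly refuses mail
        return [host for _, host in sorted(mx)]
    # No MX: the implicit MX rule falls back to the domain's own A/AAAA records
    if resolve(domain, "A") or resolve(domain, "AAAA"):
        return [domain]
    return []

def delivery_outcome(domain):
    """Classify what the sending MTA would do with a message for this domain."""
    hosts = mail_hosts(domain)
    if not hosts:
        return "bounce: domain publishes no MX, A or AAAA (or a null MX)"
    for host in hosts:
        if any(a in LISTENING_ON_25 for a in resolve(host, "A") + resolve(host, "AAAA")):
            return f"delivered via {host}"
    return "queued: hosts resolve but none accepts SMTP; bounces after the retry window"
```

The no-reply address ends up in the "queued" branch, which is why the asker saw neither an immediate error nor the message: the bounce only arrives once the sending server gives up retrying.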

The emails sent from my email accounts on my domain reach spam

I have a small problem with a domain: emails arrive in Spam, and the domain is new. I have checked the reputation of that domain and it has nothing out of the ordinary.
Information
I purchased a cloud VPS that runs CloudLinux with static IPs at a different provider than the one where I acquired the domain, and I use WHM to manage my accounts. The emails are sent correctly, but they land in my SPAM folder. As additional information, I just tried to send an email from the webmail tool offered by cPanel from my account, and from there they do reach my inbox, but if I send from any email client like Outlook or Thunderbird I always end up in SPAM.
What could be the problem? Where should I start reviewing? Any help or collaboration is appreciated.
Check if your server's IP is listed in any RBL.
This is a good tool for consulting multiple RBLs: http://www.anti-abuse.org/multi-rbl-check
See if your reverse DNS (PTR) is properly configured.
In your application, always send email by authenticating with SMTP.

Emails sent through my email address are received in clients' spam folders

I am sending emails through my domain and they land in clients' spam folders. I have even heard that emails sent to Gmail accounts also land in the spam folder.
I checked with my hosting provider that all necessary configuration related to email sending is set up correctly. I am using a dedicated IP and a separate cPanel account, PTR and DMARC are set properly, and valid DKIM and SPF records are enabled for my domain.
I also tested the spamminess of the domain using a third-party online tool and the result was 10/10, which means they are fully authenticated.
Another thing: I double-checked the content of the messages against spam tables. The content of the email should not look like SPAM.
Please help me with this issue.
Best regards,
Vijay

Google Apps - many of the emails sent from the server are going into people's spam boxes

We have bought a Google Apps account for the domain www.amarramesh.com, hosted by bluehost.com.
As per the Google Apps suggestion, we altered the CNAME records in Bluehost for the domain www.amarramesh.com to sync with Google Apps.
There is an issue when I send mail through a PHP file stored on my Bluehost server. I tested the email quality through mail-tester.com and it says the DKIM signature is not valid because in the DKIM signature selector = "default", and suggests I should change it to "google.domainkey". Due to this, many of the emails sent from the server are going into people's spam boxes. How do I make this change? This problem doesn't happen when email is sent from Gmail.
I have tried PHPMailer and it worked for some time but Bluehost has now blocked it.
Why do you want to send mail from another host if you're using GoogleApps?
DKIM's purpose is to allow remote hosts to authenticate that your mail was really sent by the server(s) you permit to send them. This prevents a spammer from forging your domain name on spam he is sending out. If it wasn't bounced off of servers you authorized in your DKIM DNS record, remote mail servers won't deliver it -- or maybe send it to the spam folder (provided they look at the DKIM header and DNS record).
It does this by putting a private-key-encrypted header on the mail, and the public key to decrypt it in the DNS record. If it can be decrypted successfully, then it is assumed to be legit (because the sender knew the private key).
This might help if you want to enable mail being sent from both hosts.
https://blogs.msdn.microsoft.com/tzink/2013/04/26/how-to-set-up-your-dkim-records-if-you-are-outsourcing-some-or-all-of-your-email/

How to redirect all bad emails to the one master email using DNS

Sometimes when people try to send me messages they misspell the email address and I lose the message.
Example:
If my email is ivijan.stefan#something.com and my client misspells it and writes evan.steven#something.com or iivijan.stefan#something.com etc., I will lose my email.
Is there a way to use an MX record or some DNS setup to have the server notify me and send the message to one master email address, where I can see that someone tried to contact me and read the message?
DNS servers do not understand what an email is. It may be possible to do this at your mail server end though. Look for documentation for catch-all email addresses to receive all email that would have been sent to non-existent email addresses. Note that this may expose you to huge amounts of spam from bots that target well known email addresses like admin#domain or postmaster#domain.