-2

Someone is sending spam emails from my email address. And it looks like these emails have DKIM.

How is this can be possible if they doesn't have access to that email?

(my emails handles by something like google and i changed passwords to that account)

Eugene
  • 119
  • 5
  • 1
    If your Google account is compromised, they can send emails *as* you. – EEAA Dec 17 '15 at 22:08
  • Please add more details so we can help out. Are you running the email server in question? What is your general setup? – red_shift Dec 17 '15 at 22:14
  • This is shared hosting. But MX on a service like google. Its impossible that someone has access to that email (changeв password and it was an alias before) – Eugene Dec 17 '15 at 22:18
  • Do you have an example of the spam? Did it actually come from Google? – Law29 Dec 17 '15 at 22:26
  • Im not sure, but it has sign "sender is verified" https://imgur.com/J33vqPl this is basically means that dkim has verified – Eugene Dec 17 '15 at 22:30
  • 1
    If you can see that you should be able to get the headers of the e-mail. They are essential to analyzing any spam. – Law29 Dec 17 '15 at 23:21

1 Answers1

1

The problem was that DKIM just signs the domain from which emails have been sent, but it doesn't guarantee it was your domain.

So i should set DMARC policy + SPF to prevent occurrence of such situation in the future.

Eugene
  • 119
  • 5