I received an out of office reply for a domain I own but for an address that I do not have set up

0

My domain (let's call it acmecorp.com) is set up with a wildcard such that *@acmecorp.com redirects to my primary email blabla@acmeinc.org

Having recently received the following email I am wondering if I need to take action. I have never used the address: niels.eikendal@acmecorp.com

I've removed some info to protect the identity of the seemingly legitimate OOS sender.

Delivered-To: niels.eikendal@acmecorp.com
Received: by 10.237.32.47 with SMTP id 44csp7220191qta;
        Sun, 1 Jan 2017 15:51:39 -0800 (PST)
X-Received: by 10.194.58.198 with SMTP id t6mr45781381wjq.44.1483314699817;
        Sun, 01 Jan 2017 15:51:39 -0800 (PST)
Return-Path: <>
Received: from hostingsmtp.register.it (hostingsmtp60.register.it. [81.88.56.20])
        by mx.google.com with ESMTPS id s62si45272678wms.127.2017.01.01.15.51.39
        for <niels.eikendal@acmecorp.com>
        (version=TLS1 cipher=AES128-SHA bits=128/128);
        Sun, 01 Jan 2017 15:51:39 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of postmaster@hostingsmtp.register.it designates 81.88.56.20 as permitted sender) client-ip=81.88.56.20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of postmaster@hostingsmtp.register.it designates 81.88.56.20 as permitted sender) smtp.helo=hostingsmtp.register.it
Received: from monti-backend13.it.dadainternal ([172.20.42.13])
    by paganini33 with 
    id TBrf1u00W0H2WSs01BrfqW; Mon, 02 Jan 2017 00:51:39 +0100
X-Sieve: Pigeonhole Sieve 0.4.6 (4b9b9a88ac9b)
Message-ID: <dovecot-sieve-1483314699-430747-0@monti-backend13.it.dadainternal>
Date: Mon, 02 Jan 2017 00:51:39 +0100
From: <gabry@marc<redacted>ia.com>
To: <niels.eikendal@acmecorp.com>
Subject: Fuori ufficio - Out of office
In-Reply-To: <98eCdCef12.46ac366df8BE9.b721F9fCCF@acmecorp.com>
References: <98eCdCef12.46ac366df8BE9.b721F9fCCF@acmecorp.com>
Auto-Submitted: auto-replied (vacation)
Precedence: bulk
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit


Sarò assente dal 30 Dicembre al 5 Gennaio. 
<snip, redacted for privacy but looks realistic, more contact details for other people in the office>
Grazie.

I'll be away from Friday 30th December until Thursday 5th January and will not have access to e.mail until I return. 
<snip, redacted for privacy but looks realistic, more contact details for other people in the office>
Thank you.

Is this safe to ignore? If not, what further actions do I need to take? Happy to provide more info.

Thanks a lot.

Hairy Chris

Posted 2017-01-02T03:31:28.537

Reputation: 103

I'm guessing this is just someone spoofing an address in the from field of an email and possibly sending spam. Would setting up DKIM for that domain prevent any future issues with blacklisting? – Hairy Chris – 2017-01-02T03:36:26.570

It's not a domain I use for anything particularly, just some minor personal stuff, that's why I'm confused as to its utility for spammers. – Hairy Chris – 2017-01-02T03:36:57.933

2 If you don't have DKIM and SPF records you need them. What's happening is someone else has a mail server spoofing your domain for the purpose of sending spam that's legit from your domain. They don't care about inbound. – Tyson – 2017-01-02T11:40:59.450

Thanks for helping and not just downvoting :) I will set this all up today. Once this is configured, email servers should start dropping the spam mail straight away, right? – Hairy Chris – 2017-01-02T13:19:49.607

Answers

1

Yes, you should be making a change. You should be adding an SPF record for your domains to make it a lot harder for people to pretend to be you.

davidgo

Posted 2017-01-02T03:31:28.537

Reputation: 49 152
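An added example, not part of the original posts: a header check that flags the kind of message quoted in the question, an automatic reply reaching a catch-all address that never sent mail, which is the visible symptom of someone forging the domain as a sender. The domain is the question's placeholder, and `USED_LOCAL_PARTS` and the signal names are hypothetical values chosen for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAIN = "acmecorp.com"      # placeholder domain from the question
USED_LOCAL_PARTS = {"chris"}     # assumption: local parts you really send from

# Constructed sample: a subset of the headers quoted in the question.
SAMPLE = """\
Delivered-To: niels.eikendal@acmecorp.com
Return-Path: <>
To: <niels.eikendal@acmecorp.com>
Subject: Fuori ufficio - Out of office
In-Reply-To: <98eCdCef12.46ac366df8BE9.b721F9fCCF@acmecorp.com>
Auto-Submitted: auto-replied (vacation)
"""


def backscatter_signals(raw, own_domain=OWN_DOMAIN, used=USED_LOCAL_PARTS):
    """List the header signals that mark a message as backscatter from forged mail."""
    msg = message_from_string(raw)
    signals = []
    # Bounces and auto-replies are sent with the null reverse-path "<>".
    if (msg.get("Return-Path") or "").strip() == "<>":
        signals.append("null-return-path")
    # RFC 3834: any Auto-Submitted value other than "no" means a machine wrote it.
    auto = ((msg.get("Auto-Submitted") or "no").split() or ["no"])[0].lower()
    if auto != "no":
        signals.append("auto-submitted")
    # The message being answered carried a Message-ID under our domain.
    ref = (msg.get("In-Reply-To") or "").strip().strip("<>")
    if ref.rpartition("@")[2].lower() == own_domain:
        signals.append("reply-to-our-message-id")
    # The catch-all delivered it to a local part we have never sent from.
    rcpt = parseaddr(msg.get("Delivered-To") or msg.get("To") or "")[1].lower()
    local, _, domain = rcpt.rpartition("@")
    if domain == own_domain and local not in used:
        signals.append("unused-recipient")
    return signals


def is_spoof_backscatter(raw):
    """True when an automatic reply reaches an address that never sent anything."""
    s = backscatter_signals(raw)
    return "unused-recipient" in s and ("null-return-path" in s or "auto-submitted" in s)


if __name__ == "__main__":
    print(backscatter_signals(SAMPLE), is_spoof_backscatter(SAMPLE))
```

Run over a mailbox export, a growing count of such hits for addresses that were never used indicates that forged mail is still being accepted elsewhere in the domain's name.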