An email that says it has been sent by me but I did not send it!

You may receive a spam email that has your email address as the sender.

Article in:

Due to the way email works it allows anyone to set their email address to anything they like so if they set it to yours and send spam it looks like it was sent by you!

To reduce the chances of someone sending email purporting to be from a domain considerably there are two email security features called SPF and DKIM.

Both these provide a method for a mailserver receiving email to check if the server it is receiving the mail from is listed in an SPF record and as such is allowed to send email for that domain, and in the case of DKIM if the mail was authenticated by the correct server.

The receiving mailserver can then decide to accept or reject the mail based on the results.

What can I do?

You can enable SPF and DKIM to help stop this happening, to do this please follow the instructions below: –

  1. Log into your cPanel account, then navigate to the EMAIL section and click on Authentication within it.
  2. Once in there you will see two buttons one for SPF and one for DKIM, if either of them say “Enable” then please click them to enable them.

You have now enabled both SPF and DKIM

Useful information: –

For this to be effective your domain must be using our nameservers.

If you have your mail hosted with another provider for example office 365 and are using our nameservers then do not enable DKIM and please adjust the SPF record accordingly taking into account the SPF record provided by your mail host (you can use your mail hosts providers DKIM record if applicable but you will need to add it directly to your DNS records using zone editor in cPanel)

If you are actively receiving emails like this and you enable SPF and DKIM due to DNS caching it may take a while to start working for you.

This has been enabled by default for some time for new cPanel hosting accounts however some older accounts may not be, due to the potential for disruption to custom setups etc the decision was taken not to mass enable already existing accounts.