cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Email spoofing and max emails per hour exceeded

We are having a case of email spoofing since two months, many of our email accounts have been used to spam porn and dating mails which caused a flooding of email from Mail Delivery System with the subject like "Mail delivery failed: returning message to sender" and "Mail delivery deferred: returning message to sender". Obviously many undelivered emails are spam, but many others are legit business mails.

 

We are using cPanel Emails (through Roundcube, Horde, Mozilla Thunderbird and Microsoft Outlook). Web Ultimate Linux cPanel web hosting plan with SSL standard certificate.


After change the TXT records in the DNS zone the amount of mails from Mail Delivery System got down to zero. The first lines (taken from here https://www.godaddy.com/help/add-an-spf-record-19218) was like this:

TXT @ v=spf1 a mx ptr include:secureserver.net ~all
TXT admin v=spf1 a mx ptr include:secureserver.net ~all

which was changed to this:

TXT @ v=spf1 mx include:secureserver.net -all
TXT admin v=spf1 mx include:secureserver.net -all

And finally to this:

@ 3600 IN TXT "v=spf1 mx include:secureserver.net -all"

After that apparently our email accounts were not used for spam, which seems not to be the truth, and now we are getting messages from Mail Delivery System about messages not delivered because the limit of max emails per hout was exceeded:the first message mention a 500 limit but the last ones mention just one message as the limit exceeded per hour.

Domain grupotwt.com has exceeded the max emails per hour (2/1 (200%))
allowed. Message discarded.

According with many of your tutorials setup the SPF in a TXT record is the way to go in cases of email spoofing, change the setup in the contact forms is other way, but all the email accounts affected by spam are not included on any webpage of our website.

So, what is the solution of this problem...?