Spam – Who should prevent spammers from attacking MailEnable with external domain names?

We have a problem with our MailEnable, in which the MTA is activated in the MXSCAN software. Everything worked perfectly. Today, however, we found that we can only send emails but cannot receive them. We checked the MxScan message logs and saw that a stranger with an external IP, post office (null) and a sender email (not from local domains) tries to send random emails every millisecond. These are of course blocked, and we have blocked the IP in the incoming firewall rules as well, but this still has no impact, and it keeps our MailEnable so busy.

Spammers with Contact | Forum promotion

@Lammchen I wanted to recommend the OzzModz add-on for the Spaminator if you don't already have it. Although it is practically impossible to prevent anyone from using the contact form, within just a week of installing it, it has prevented well over 100 bots from logging into my website. Not a single bot has signed up since I installed it, and I was hit hard before I had the add-on. There are loads of 5 star ratings. The add-on costs $24, but it's worth it in my opinion. Now I can focus on legitimate registrations instead of worrying about bots logging into my website.

I didn't try to redirect this thread because I assume you're talking about real people sending spam. I only had the need to suggest the add-on. As with normal spammers, there is nothing you can really do unless you can somehow get their IP address. Then you could see if they had a suitable account and block their IP address. If emails are sent to your administrator account and not to an external provider, it may be possible to get the IP address. Although you should have a look around.

Sort out spammers | Web Hosting Talk

What procedures / guidelines do you use (other data centers) to sort out spammers?

We already stop access when we see spam evidence and do not offer a refund. But it's pretty obvious that people just come back under new names.

I have half the wisdom of asking for a deposit in advance because spammers will be separated within a few days at most. But that would deter legitimate customers.

What is free with the 12th month or free with the 6th month? Spammer accounts would never last that long.

What about discounts for a WHT account that has been open for more than a year and we would have the user link their WHT or other forum account to their account with us when they signed up to receive this discount.

It cannot be a recurring discount because the utility company does not offer this. But I can take a small hit if I don't have to turn around and destroy the box a day later.

Phishing – How often do spammers, phishers, etc. change e-mail addresses?

Their only goal is to deliver the selected text block to the victim. Whether and how often they change a (fake) e-mail address is unclear, as individuals or marketing groups all work independently.

If an e-mail address is blacklisted, it is usually helpful to change an e-mail address, because in this case the message is not transmitted to the victim (spammers are stupid).

Spam – Are you preventing spammers from forging e-mails that you send to another person or yourself?

I have received the following email with the following headers. How do spammers use this method to trick users into hacking their account?

How can you stop spammers with our e-mail? For non-techies like my grandma, it can be scary to receive an e-mail like this one that says her account is hacked.

What is the spammer doing right in the headers below? Does it show which application you are using for it?

The way back: 
X-Original To:
Submitted to:
Obtained: from ( [])
(Using TLSv1.2 with encryption ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client
Certificate requested) from (Postfix) with ESMTPS ID 420623000080
to the ; Marry,
6 Mar 2019 19:25:57 +0000 (UTC)
Obtained: from (unknown []) by (Postfix) with the ESMTP ID AF51A20196C14 for ;
6 Mar 2019 13:25:55 -0600 (CST)
Obtained: from ([]) of cmsmtp with
ESMTP ID 1cAth7PiS5rNM1cAthzAVL; Wed, 06. March 2019 13:25:55 - 600
Received from [] (port = 51959 helo =[]) by with esmtpsa (TLSv1: ECDHE-RSA-AES256-SHA: 256) (Exim
4.91) (cover off ) id 1h1cAr-0024QG-EJ for;
Wed, 06. March 2019 14:25:55 - 500
Authentication results:; dmarc = none (p = no dis = none)
header.from =
Authentication results:; spf = no
Authentication results:; dkim = fail reason = "Key not found in DNS"
(0-bit key) header.d = header.b = "kBI6UFVj"
X-Authority reason: nr = 8
Dkim signature: v = 1; a = rsa-sha256; q = dns / txt; c = relaxed / relaxed; d =;
s = default; h = From: MIME Version: Content Type: Message ID:
List ID: Date: Subject: To: Sender: Reply To: Cc: Content-Transfer-Encoding:
Content ID: Content-Description: Date resent: Resent-From: Resent Sender:
Resent-To: Resent-Cc: Resent-Message-ID: In-Reply-To: References: List-Help:
List Unsubscribe: List Subscribe: List Post: List Owner: List Archive;
bh = oj1E + Py8RM4SW8xpzCQWMyx9GodmBpw8HrVQgEtGCkw =; b = kBI6UFVjOJ6gguimz80GscFl2T
OLPs8fsRExWixOejYw4T4 + itDQNQPEy7NT + RBH + D055aCgf2clk8w44DauK2Lye1uw9ZFP6tlwQ3F
2kKxi3ea3Vaeo1ojR3yshBjGaj2Yit / 5mas9dAQLKOlXfd7dVSthXl2hiza9XbMbP6WSUw2g / zdek
/ jnxnN410aiy7vES / sbKi4v5PyDPTe8kYSkcHVZrFIP9XpNLjrzXiw18lo97osS1pl3Oe9ySv3DVF
WXOfdIxAhvZCqq0o4329IO3oT + O8GGwiY2BAvH1L4JCrRK0y8An6I2ZAhii6XTEaoViKt3FVhESz 1PvGPDMA ==;
X-Abuse Reports To: 
X-Mailer: Microsoft Outlook Express 6.00.2900.5843
Subject: pat
X-Aid: 3931138227
Date: Wed, 6th March 2019 20:25:52 +0100
List ID: y2znb9cxhdkkp12r9ojihcp70vn50etc23e368dl
Message ID: <>
X complaints to: 
Content Type: Text / HTML
MIME version: 1.0
X Anti-Abuse: This header has been added to track abuse. Please attach it to the abuse report
X Anti-Abuse: Primary Host Name -
X Anti-Abuse: Original Domain -
X-Anti-Abuse: Sender / Caller UID / GID - [47 12] / [47 12]
X Anti-Abuse: sender address domain -
X-Bwhitelist: no
X-Source IP: 87,252,183,184
X-Source-L: No.


X-Exim-Id: 1h1cAr-0024QG-EJ
X source transmitter: ([]) []51959
X-Source Auth:
X-Email Count: 244
X-Source-Cap: emVyb3BsdXM7aW1wbG9kZWk7dXNjZW50cmFsNDI3LmFjY291bnRzZXJ2ZXJncm91cC5jb20 =
X-Local-Domain: yes
X-Spam flag: YES
X-Spam Status: Yes, Rating = 11.7 Required = 4.0 Tests = BAYES_50, DKIM_INVALID,
autolearn_force = no version = 3.4.2
X-Spam Report: *
4.0 BAYES_50 BODY: The Bayesian spam probability is 40 to 60% *
      [score: 0.4999] *
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level *
Mail domains differ *
1.1 LOCALPART_IN_SUBJECT Local part of To: Address appears in *
Object *
0.4 MIME_HTML_MOSTLY BODY: Multi-part message, mostly text / HTML MIME *
0.0 HTML_MESSAGE BODY: HTML in the message *
0.8 MPART_ALT_DIFF BODY: HTML and text parts differ *
1.2 HTML_IMAGE_ONLY_04 BODY: HTML: Images with 0-400 bytes of words *
0.1 DKIM_SIGNED message has a DKIM or DK signature, not necessarily *
valid *
2.0 RCVD_IN_BRBL Received is listed in Barracuda RBL * *
0.1 FORGED_OUTLOOK_TAGS Outlook can not send HTML in this format. *
0.1 DKIM_INVALID DKIM or DK signature is present but invalid *
1.9 FORGED_MUA_OUTLOOK Fake mail purporting to be from MS Outlook
X-Spam Level: ***********
X-Spam Checker Version: SpamAssassin 3.4.2 (2018-09-13) on
X-Attached: 1551903952102.jpg
X-Pm-Origin: external
X-Pm content encryption: on delivery
X-Pm transmission encryption: TLSv1.2 with encryption ECDHE-RSA-AES256-GCM-SHA384 (256/256 bit)


Dealing with repeated spammers / accounts

How do you deal with repeated account compromises that send spam?

We have a huge problem with the passwords of users' e-mail accounts, which are vulnerable to IP addresses around the world and used to send spam.

Usually we just change the password in the email account and write the user. Recently, however, there have been multiple email accounts for these accounts that are at risk or the same email account has been compromised time and again.

Mostly the problem is an extremely weak or insecure password. In other cases, I suspect that the user has malware installed on their computer (and does not know what else is going on with their computer) or checks the account over insecure networks.

If it happens over and over again, sometimes we will proactively change the passwords of all of the account's email accounts or lock the account at other times. But apparently people do not like it – and they would as well outsource their hosting to a company that either knows no compromise issues or to a web hosting company that does not care about sending spam repeatedly.

I begin to believe that I lose the hard battle. I think it might be easier to let the spammers run rampant. And then, when people complain that they cannot send mail for blacklisting, I simply tell them "hard%? $ #!".

I mean, is that what everyone else is doing?

Sorry, I did too much the weekend and this week and had to get into my soapbox a bit.