Mail hacked through


New Member
one of our email has been hacked.
Someone is manipulating this email to send us blackmail askig for money.
We can see that the email has been sent though (see printscreen):
Capture d’écran 2018-11-04 à 13.56.14.png

You can find in attachement a PDF of this email.
What can we do to stop this ?
it's a little unpleasant to feel threatened.
Thanks in advance for your support.
Best regards,
Joel Walther


Chris Cherry

Mr. Happy To Help You. is just a rewrite scheme on our server which does the email forwarding for your domain. The bot delivered it to our server which forwarded the message to you as it would with any email that is sent to you.

What you received is a phishing/scam email which has recently been targeting internet users. It's an old phish/scam in which they forged the headers of the email to look like it came from you, but they are not actually hacked into anything. If the password they reported is old and no longer used, no worries. If the password is something you still use on sites, please change it asap.

Please read the following blog post by our CEO:

You can delete that email.


New Member
I have the same problem.
I think either Zoneedit or is missing a crucial step in the sender rewriting part: check for SPF

The mail forwarder at will accept any sender and rewrite the sender envelope into their own domain, which does provide an SPF record that is then checked by many email clients, like GMail. The resulting message is then always trusted.
If the mail forwarder is going to rewrite the sender envelope and have an SPF record for it, it also *MUST* check the SPF status of any incoming mail. Not doing so breaks SPF.

I hope this can be implemented soon. Short of this, and given the recent inflow of such scam email, I will have to find myself another forwarding service.


Chris Cherry

Mr. Happy To Help You.
Hi Paul,

Good point. I have relayed that to our email admins who will work on finding a fix for what you pointed out.

Thank you!