Mail hacked through srszone.org

#1
Hi,
one of our email has been hacked.
Someone is manipulating this email to send us blackmail askig for money.
We can see that the email has been sent though srszone.org (see printscreen):
Capture d’écran 2018-11-04 à 13.56.14.png

You can find in attachement a PDF of this email.
What can we do to stop this ?
it's a little unpleasant to feel threatened.
Thanks in advance for your support.
Best regards,
Joel Walther
 

Attachments

Chris Cherry

Mr. Happy To Help You.
#2
srszone.org is just a rewrite scheme on our mx-caprica.zoneedit.com server which does the email forwarding for your domain. The bot delivered it to our mx-caprica.zoneedit.com server which forwarded the message to you as it would with any email that is sent to you.

What you received is a phishing/scam email which has recently been targeting internet users. It's an old phish/scam in which they forged the headers of the email to look like it came from you, but they are not actually hacked into anything. If the password they reported is old and no longer used, no worries. If the password is something you still use on sites, please change it asap.

Please read the following blog post by our CEO:
https://easydns.com/blog/2018/10/19...youve-been-hacked-pay-me-bitcoin-email-spams/

You can delete that email.
 

po1

New Member
#3
I have the same problem.
I think either Zoneedit or srszone.org is missing a crucial step in the sender rewriting part: check for SPF

The mail forwarder at srszone.org will accept any sender and rewrite the sender envelope into their own @srszone.org domain, which does provide an SPF record that is then checked by many email clients, like GMail. The resulting message is then always trusted.
If the mail forwarder is going to rewrite the sender envelope and have an SPF record for it, it also *MUST* check the SPF status of any incoming mail. Not doing so breaks SPF.

I hope this can be implemented soon. Short of this, and given the recent inflow of such scam email, I will have to find myself another forwarding service.

Thanks,
Paul
 

Chris Cherry

Mr. Happy To Help You.
#4
Hi Paul,

Good point. I have relayed that to our email admins who will work on finding a fix for what you pointed out.

Thank you!
 
Top