Mail-in-a-box being used to send internal spam emails

Hi, several of my clients and those of another agency we work with are receiving spam emails (regarding asking a member of staff to make fraudulent BACS payments) that appear to be being sent using this tool.

They are using domains such as uk-c.eu and then using subdomains of this, such as CLIENTDOMAIN.uk-c.eu, as a reply-to address, but have the email coming from the original email address. DKIM and SPF are set up for these accounts correctly yet appear to be being bypassed.

This is a very concerning attack as they will use names and details of the Directors to appear legitimate so could easily be viewed as genuine. I wanted to raise this as I don’t know how much of a part Mail-in-a-Box is required by them to do so but stopping access could obviously only be a positive.

Noticed you posted a copy of this one on GitHub… Why double (duplicate) it?

  • Yes! It looks like https://uk-c.eu/admin or https://box.uk-c.eu/admin is a private mail server built with Mail-in-a-Box, so you could try to contact its ‘administrator’ by emailing the administrator@box.uk-c.eu email address, which is built in by default.

Hope this helps to solve your problems!

@johnnytv Sorry that you have to go through this, however there is nothing you can do. They are not sending email using your server but are probably pretending to be (SMTP has no REAL way to stop someone from sending using your domain name). SPF, DKIM, etc. help with this, but not all servers verify that. Good luck.
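
The pattern reported in this thread (a visible From address on the client's own domain, with a Reply-To on a subdomain named after the client under a different domain) can be flagged on the receiving side. The sketch below is an added example, not code from any poster or from Mail-in-a-Box; the function names, verdict strings and the `client.example` / `lookalike.example` domains are constructed, and it assumes the leftmost label of the From domain is the organisation name.

```python
import re
from email import message_from_string
from email.utils import getaddresses

def domain_of(values):
    """Lowercased domain of the first address in the header values, or None."""
    for _name, addr in getaddresses([str(v) for v in values]):
        if "@" in addr:
            return addr.rsplit("@", 1)[1].lower().rstrip(".")
    return None

def check_reply_to(raw):
    """Compare From and Reply-To domains and report the receiver's DMARC result."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get_all("From", []))
    reply_dom = domain_of(msg.get_all("Reply-To", []))
    auth = " ".join(msg.get_all("Authentication-Results", []))
    m = re.search(r"\bdmarc=(\w+)", auth, re.I)
    result = {"from": from_dom, "reply_to": reply_dom,
              "dmarc": m.group(1).lower() if m else "absent", "verdict": "ok"}
    if not from_dom or not reply_dom or reply_dom == from_dom:
        return result
    if reply_dom.endswith("." + from_dom):
        return result  # replies routed to the sender's own subdomain are normal
    # Assumption: the leftmost From label is the organisation name.
    brand = from_dom.split(".")[0]
    result["verdict"] = ("lookalike-reply-to" if brand in reply_dom.split(".")
                         else "reply-to-mismatch")
    return result

def sample(reply_to, dmarc):
    """Build a constructed test message; all domains are reserved .example names."""
    return ("From: Finance Director <director@client.example>\n"
            f"Reply-To: {reply_to}\n"
            f"Authentication-Results: mx.client.example; dmarc={dmarc} "
            "header.from=client.example\n"
            "Subject: constructed sample\n\nbody\n")

if __name__ == "__main__":
    for rt, d in [("director@client.lookalike.example", "fail"),
                  ("helpdesk@support.client.example", "pass"),
                  ("someone@other.example", "pass")]:
        print(check_reply_to(sample(rt, d)))
```

A `lookalike-reply-to` verdict together with a `dmarc` value of `fail` or `absent` matches the pattern reported in the thread and is a reasonable condition for quarantine or a warning banner.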