My Email address is spoofed

hi
Spammers spoofed my email address. Please help
Someone send me an email from my email
In the e-mail, he asks for money because he was able to hack and threaten me

image805×268 4.67 KB

[email protected] This e-mail is not found in the list of e-mails in cyberpanel
How can he send from an email that does not exist?

I secure cyberpanel Two-factor authentication And almost everything

And this is the source of the message

Received: from DU0PR10MB6129.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:3e4::5)
 by DU0PR10MB5876.EURPRD10.PROD.OUTLOOK.COM with HTTPS; Sat, 18 Mar 2023
 05:03:51 +0000
Received: from AS9PR06CA0434.eurprd06.prod.outlook.com (2603:10a6:20b:49e::16)
 by DU0PR10MB6129.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:3e4::5) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6178.29; Sat, 18 Mar
 2023 05:03:50 +0000
Received: from AM0EUR02FT009.eop-EUR02.prod.protection.outlook.com
 (2603:10a6:20b:49e:cafe::a0) by AS9PR06CA0434.outlook.office365.com
 (2603:10a6:20b:49e::16) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6178.36 via Frontend
 Transport; Sat, 18 Mar 2023 05:03:50 +0000
Authentication-Results: spf=pass (sender IP is 185.143.45.181)
 smtp.mailfrom=souqkshk.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=souqkshk.com;compauth=pass
 reason=100
Received-SPF: Pass (protection.outlook.com: domain of souqkshk.com designates
 185.143.45.181 as permitted sender) receiver=protection.outlook.com;
 client-ip=185.143.45.181; helo=mail.souqkshk.com; pr=C
Received: from mail.souqkshk.com (185.143.45.181) by
 AM0EUR02FT009.mail.protection.outlook.com (10.13.54.108) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.6199.20 via Frontend Transport; Sat, 18 Mar 2023 05:03:50 +0000
X-IncomingTopHeaderMarker:
 OriginalChecksum:504F0A31928266C2526F749781B85845E3F167C1967C83CC226DFCE97C153B9D;UpperCasedChecksum:4385810E1E46B4E8BB014ED94FF3AD3288B21FEA9F83BE48FBAD0DDB0BC3136D;SizeAsReceived:972;Count:14
Received: from [49.165.195.168] (unknown [49.165.195.168])
	by mail.souqkshk.com (Postfix) with ESMTP id C95681B7D27
	for <[email protected]>; Sat, 18 Mar 2023 01:03:49 -0400 (EDT)
From: <[email protected]>
To: <[email protected]>
Subject: Don't forget to pay the tax within 2 days!
Date: 18 Mar 2023 21:33:48 +0800
Message-ID: <[email protected]>
Content-Type: text/plain;
	charset="windows-1250"
Content-Transfer-Encoding: 8bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Acw9n2d7h5pcn02s2mlps5k823q41s==
Content-Language: en
x-cr-hashedpuzzle: 2D4= lps5 k823 q41s 2mlp s5k8 23q4 1s2m lps5 9bcn tw0f a7so s59b cntw 0fa7 sos5;1;9bcntw0fa7sos59bcntw0fa7sos59bcntw0fa7sos59bcntw;Sosha1_v1;7;\{8094B113-CCA5-366E-7A5F-FD224BD88094\};ZQB3AGUAZgsos59bcntw0fa7sos59bcntw0fa7sos59bcntw;18 Mar 2023 21:33:48 +0800;0fa7sos59bcntw0f
x-cr-puzzleid: \{8094B113-CCA5-366E-7A5F-FD224BD88094\}
X-IncomingHeaderCount: 14
Return-Path: [email protected]
X-MS-Exchange-Organization-ExpirationStartTime: 18 Mar 2023 05:03:50.7632
 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id:
 91ed9855-6a36-4456-b6da-08db276e2a00
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: AM0EUR02FT009:EE_|DU0PR10MB6129:EE_
X-MS-Exchange-Organization-AuthSource:
 AM0EUR02FT009.eop-EUR02.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-UserLastLogonTime: 3/18/2023 3:33:14 AM
X-MS-Office365-Filtering-Correlation-Id: 91ed9855-6a36-4456-b6da-08db276e2a00
X-MS-Exchange-EOPDirect: true
X-Sender-IP: 185.143.45.181
X-SID-PRA: [email protected]
X-SID-Result: PASS
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-SCL: 1
X-Microsoft-Antispam: BCL:0;
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Mar 2023 05:03:50.7476
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 91ed9855-6a36-4456-b6da-08db276e2a00
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-AuthSource:
 AM0EUR02FT009.eop-EUR02.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg:
 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR10MB6129
X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7622844
X-MS-Exchange-Processed-By-BccFoldering: 15.20.6178.035
X-Microsoft-Antispam-Mailbox-Delivery:
	abwl:0;wl:1;pcwl:1;kl:0;dwl:0;dkl:0;rwl:0;ucf:0;jmr:0;ex:0;auth:1;dest:I;OFR:TrustedSenderList;ENG:(5062000305)(90000117)(90011020)(91015020)(91040095)(9050020)(9060121)(9081003)(9100338)(2008001134)(4810007)(4910033)(8820095)(9930004)(9545005)(10172021)(9439006)(9310011)(9220031);
X-Message-Info:
	qZelhIiYnPkz+1c0tANDswf8uZbcl4apg34M4yjt8W5OpC+Dp1QrC7uFRHqVwf6ZX9Rh/MFVRUsDlXZvIw0Y842Q5wkvQUvSG0yrhw0T2yon+fOsdQelprDbWQDkIEtJhYIvp5UxelWFIqLcmXK+aS0XCCtjuvvEQYFbZVk5JA7x/4RXqw9Qeec9HncpU3Uk+fn+Akb1VYYlgA1DhNAM5g==
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MTtHRD0yO1NDTD0tMQ==
X-Microsoft-Antispam-Message-Info:
	=?windows-1250?Q?iCXZKrDBEm8tjAvCL1yuI1PSCRSowZUpDmvwtw0FQV5lB7IulJbjWqTe?=
 =?windows-1250?Q?NeUmw6ihjUXWimLu4Lf1m5Z2iemH0F/iubHizuzd5sPdC/HWf6xI6L4t?=
 =?windows-1250?Q?9qC1JmqZTBtvrVserGnNQcJVTT9nPGh87KFscVTf8BxR4aQpGrP0Q9Vb?=
 =?windows-1250?Q?kKHpwEp48VhiIqqEaGOJ7Rdg1rVbd11Vxuv/w2/Qc9GPh+SmDkBJdHDU?=
 =?windows-1250?Q?/7OMFCeH7mCFfHgWXu2lHHoynUPVyN7n+AK7aGBmLtEyyCXHHzTHYSkW?=
 =?windows-1250?Q?EJ5jIZltFa1b4gbixcl8dc/FV8zJVBBjKBjuxLO64TjRR3Ivoqu1HlLQ?=
 =?windows-1250?Q?zHn6erdtCgfgKJpwvkjGC4EtIIaB57lMPCiI+i0bzGm/jz5+679gAJ5R?=
 =?windows-1250?Q?Vue574kcQN1Bnq08gQ1Cp1GjyjbtkW4wPFmCNz9W/KUX/Pmtfh3AyODM?=
 =?windows-1250?Q?XJ8nZINw+pc7k1rzpWNiHIFpDFdEf3w7wszShpJjfdZFPG48Cw+lJbyc?=
 =?windows-1250?Q?ibSJRZZR76rC7vlEfmvJhP8XFCjCPlv0jVmtLchZzEjcqq7VP1IgV209?=
 =?windows-1250?Q?9wUA7PdGWEEz4/SnqLjON7XZj+nEozZgZcv9q5+HHpVRG154bxqEwD6+?=
 =?windows-1250?Q?OUfWHtwihg9PAMzjxpzGGO+6iqLHH97jmHZrK8mBmGLBJZumliXjRzxe?=
 =?windows-1250?Q?+gysAcDnOPVQ6dP7fHsKc96LZ7GJSC4zpuMixZ+9TZYGVXvcFgdtKADO?=
 =?windows-1250?Q?Iv/DfCAMAbeRQM737oCjMrCxelC9GN7c46b3gDre1LelXvgQ0Jhr2OOD?=
 =?windows-1250?Q?VwQFgoUs/+PmKk0p3C0VTMEdR1DEaneGctgUz8hVfCC614hWPpy72E1H?=
 =?windows-1250?Q?eOhdaqVxYl4wGAFb2w+HoWqd57WL4c89fllQ8jXHiqPHB1VOG4lhsbmr?=
 =?windows-1250?Q?MO9P4QKDObtSjFh/D2rUx4S2Us3kivOGOrI7t8ucMYJv5LVXqjSz6/fX?=
 =?windows-1250?Q?F7BJUr9Oe7H3ZH3djpkw3al2yIrHznbSKIBAkDAw+ulr9IFCJQqmUQAx?=
 =?windows-1250?Q?RD5f5A47oFXyfyBRuButZQve5Nkg5z7/kNEG9dBJCB4LHrekJNBhx3aK?=
 =?windows-1250?Q?ieCLN5ehGH+bRrMIND7fPAVX+rCsq7mgtd1blUaEEujz4mDFOnYfDUaO?=
 =?windows-1250?Q?nFUC2UlwtvaT5YyXZEHhU7YAx1aVa/1C6fhC7h6Y9rBt/k/6VPF1MZOY?=
 =?windows-1250?Q?xVRo2g/AkjLeF2VR6cOfN14mQvJSyaKMEbYrzBOawcA2R/J5dK7Dkx0t?=
 =?windows-1250?Q?j9B56j5508JidIE+AW61/r6qyivWbmASTWhn1+yyC6oWCQmKnTjIHCdf?=
 =?windows-1250?Q?zLkCgt804wTy3nq1wZbJP31raWwEQ6dOT+fzqyH7SeLZ3nuYSSK9/Osw?=
 =?windows-1250?Q?TX5Qm6igEuCjB91D+zMvQb6vqlr1sAmyrDgf8S7X3q3P1bkG4rQOEq2u?=
 =?windows-1250?Q?tnJ4o/MQiMQtChJLMgreCM3Klh/AcufuyMUEwW1voL68tqSafvHDZ4W8?=
 =?windows-1250?Q?yVzCa0B/0LVYFCitQW4N5t1OMbZqziZLMhFX7rlvqrpLE7D+SHHgFxJp?=
 =?windows-1250?Q?1TKgN8FJbnKQphbTaH/ugzwSpuH9VCDzBFuLCc5SPtKzKk4N0OPtVBps?=
 =?windows-1250?Q?rmGQBalTAaOdiJUL/IF8VYmJnhQLYlhKCTrIM2O3CTeX0N7wly13wEMl?=
 =?windows-1250?Q?7vhRGCNyxaMOi+7mPIT6C45rciZICkDLrPMDfIzR?=
MIME-Version: 1.0

This is an email test

image1215×787 68.2 KB

Please help

thanks

Hello @tarek-kshk

Unfortunately, there’s no way to prevent spammers from spoofing your email address.

Implement strict rules for both SPF Sender Policy Framework TXT record in DNS to ensure that destination email systems trust messages sent from your custom domain. You want ot set this to HARD Fail (Treat emails with ‘hard fail’ in the message envelope and then follow the receiving server’s configured spam policy) How Sender Policy Framework (SPF) prevents spoofing - Office 365 | Microsoft Learn

and DMARC- Domain-based Message Authentication, Reporting, and Conformance - set a policy of Reject and SPF identifier alignment of strict where alignment is required by domain owner if not email is rejected, DKIM identifier alignment should also be set to strict, What is a DMARC Policy? | EasyDMARC

Use a tool to generate this I recommend - Free DMARC Record Generator tools | EasyDMARC

Thanks for the help
I will try to work on this and reply with the result

hi
After following all the explanations, I could not solve this problem
This has been removed (“”)
I did all the explanations in dns And still the problem

image1179×789 87.4 KB

Please help

thanks

Ther eyou have an issue with DKIM keys. You need to confirm you have them or just create new ones.1 - DKIM Set up and Configurations

hi

image908×300 41.9 KB

There is a whole process of setting opendkim conf to debug why keys are not been verified but before this we keep it simple. remove these domain keys /etc/opendkim/keys/mydomain.com then use the tutorial I cited to generate new ones with cyberpanel

hi
I did this and it gives the same result

image1223×662 25.1 KB

thanks

Are you sending these emails through webmail ?

hi
yes,

image1278×155 23.3 KB

dns settings

image911×367 76.1 KB

image912×192 2.23 KB

thanks

Run the cyberpanel upgrade script

hi

image726×467 61.6 KB

Latest version

thanks

is there a solution ?

thanks

Hey, your problem is common:

You have DKIM key values with “quotation marks” in Cyberpanel and have entered “no quotes” in CloudFlare. In some cases this results in a conflict.

For me it always solves 100%…

remove all “quotation marks” from your DKIM and save it. After an hour try again.

Do not keep changing DNS many times in less than 24 hours, this impairs proper propagation. =)

hi

image972×188 3.95 KB

thanks

But you also removed it from Cyberpanel?

I don’t know why Cyberpanel leaves with quotes, but whenever I remove, at least here for me, the problem is solved, but I believe it also depends on what email service you use.

Now just wait a few hours to test again.

The truth is that email services are increasingly demanding and this is good for security, but it really makes everything more laborious.

hi
I have removed the quotes from cyberpanel
I’ll wait for hours and I’ll try

thanks

Okay, good idea.

No this will not fix anything. These autocreated records should not be altered