Cpanel Advice: Please Read! SPAM IN YOUR EMAILS!

I would like to offer some good advice to people who Host thier sites with Hostgator or any other Webhosts who provide Cpanel. Please Check your "Mail" feature.
I just check all of my sites Mail in the Mail section.
All of my sites do not have webmail set up, but I was surprised to find tens of thousans of spam mails and I dont even have any email accounts set up!
This was causing me to get 'iNode" warnings that my account would be soon suspended and I should upgrade my site to Dedicated Hosting, something I cannot afford!
Go to http://www.yoursite.com/cpanel

Steps
1. Click on Mail
2. Click on Webmail
3. Click on Horde
4. Login
5. Click on Mail

SURPRISE! Do you too have thousands of Spams ... even if you dont even have an email account set up?
If you folder is full of thousands of Spams then do this...

6. Click on Folders
7. Tick Inbox
8. Choose Empy Folders from the Drop Down box above
9. Click Empty Selected Folders
10. Do this regularly before you get an email from Hostgator like this:

As soon as I deleted all of my emails, guess what .... I already have 4 Spam emails, that is very quick!

I have 4 main sites with hostgator and this how much emails I have without knowing:

Site 1: 27,237 Spam Emails
Site 2: 43,438 Spam Emails
Site 3: 7,398 Spam Emails
Site 4: 63,972 Spam Emails

This is who one Spam was from:

To:
So the spammers send the emails to gator257.hostgator.com and so forth!
That is crap! Surely they can fix it, as I say, I dont even have a email account in my Cpanel!

 

Thank you so much, Father Christmas. You save my cpanel account. I never knew this until I read your post. I'm cleaning up now. And I will report this incident to Hostgator.

 

Thanks, Father Christmas. I just got the same email from Hostgator - for the first time. I did not understand what inodes were. I have followed your instruction but I don't appear to have an excessive amount of spam in there. I trieed to set up some of my email accounts to POP3 access a few days ago and I wonder if this has created two sets of email files. Any idea how I disable POP3 access?

 

No problems with the advice, sounds like a lot of hostgator web owners got the same email.

Not sure about your question.

 

I think Hostgator should do something to protect its clients who have no idea how to protect their default email account from being hijacked.

 

I tried set up my busiest email accounts for Microsoft Outlook POP3 Access in the middle of last week (I normally access them by forwarding on to yahoo mail). I'm wondering if that creates two copies of the email files, and therefore if that triggered the excessive file numbers?

 

I would say so. But it wont hurt to delete your emails in your cpanel as long as you have a copy of them on your outlook express on your computer.

 

It's pretty easy to have a lot of emails with the catch-all turned on which a lot of users like to do and some hosts turn it on by default (maybe host gator does I do not know).

With the catch-all on dictionary based spam works out quite well. Emails sent to ect. ect. All will arrive in that catch-all email account. As a result it's pretty easy to over time have several GB of mail that got by spam filters.

 

thanks, i'm hosted with hostgator and didn't know about this. but i only had 1 message in there i think related to hostgator. not sure if this helped, but one of the first things i do with a new host is setup email forwarding to my gmail account with good spam filters. i then setup my gmail account to send mail from my various addresses. i also don't allow for catchall.

 

Its called Backscatter. A spammer forges their email header to have your email in the sent field. Then if the mail server rejects the mail it sends it back as reject to your inbox. I once logged into my account and found 4,900 such emails. You need to create a SPF record on for your domain and mail server to protect against backscatter.

backscatter
http://en.wikipedia.org/wiki/Backscatter_(e-mail)
SPF records
http://www.openspf.org/

 

Backscatter... I think another name for that effect is a "Joe Job", named after the first vocal person to fall victim to it in the late 90's. Everyone thought Joe was sending the tons of spam that everyone got.

Thanks for the suggestion of SPF. I have a client who gets Joe Jobbed a lot and I was speculating about whether establishing SPF would actually make a positive impact on the problem. Maybe we'll give it a try.

About this great advice, though, to adjust in cPanel... Doesn't this problem assume that your server is setup to receive mail from your domain? In other words, the MX record in your DNS zone files for your domain points to your server's IP address. If you have it pointed anywhere else (a virtual email hosting service, or forwarding service, etc.), then you shouldn't have this inode issue, right?

 

ya backscatter is pain in the arse. This is the rule I use on my DNS zones for my domains which means no mail is sent all from the domain. Which tells the mail server that the address they have is forged.

"v=spf1 -all"

Also I'm thinking of just removing my mail server. I don't really use it anyways and I'm getting annoyed by mail spammers. E-mail protocoal is archaic and easily abused it really needs to replaced by a new system.

 

Bumping this for people who may be interested