How to filter and stop spoof emails in Horde

Call Us: Tel. 0121 358 3363 or Tel. 01869 346322 or Tel.01869 660032 - Email us: This email address is being protected from spambots. You need JavaScript enabled to view it.

We recently had a problem where the root email address associated with a few domains was being spoofed to death. This was on domains that were merely setup to forward to another domain. That is, they had no user email accounts setup (with exception of the root account, which cannot be deleted), no forwarders setup, no catch-all (a catch-all address “catches” emails that arrive at the server but cannot find a matching user or email address), and no auto-responders (auto-responders are setup to automatically respond with a pre-written message to messages that target a specific email address. An out of office message is a type of auto-responder). Nevertheless, emails continued to pour in. These emails were all the result of spoofing attempts.

What is spoofing?

Spoofing refers to fraudulent e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source.

How to stop spoof email, ie. spoofing?

There is no real way to stop spoofing except to delete the messages as they arrive. To accomplish this, you can simply define a filter that will delete messages based on specific values in the email message header. In our case, we set the header to delete messages sent from the MAILER-DAEMON address.

What is a mailer-daemon address?

A mailer-daemon address is used to process bounce messages. In other words, messages that have not reached a recipient. A bounce message (or failed Delivery Status Notification (DSN) message) is an automated electronic mail message from a mail system informing the sender of another message about a delivery problem. The original message is said to have bounced. By filtering out and deleting all messages from the mailer-daemon on your server that processes these messages as they arrive, you should prevent your mailbox from filling up and potentially having your account suspended for going over your disk space quota.

We’re going to show you how to filter spoof messages in Horde, a common webmail utility used in the Cpanel interface. A similar approach should be available to set filters in any server/ webmail environment.

How to filter and stop spoof emails in Horde

  • Log into webmail 
  • Click on the filters icon towards the top of the screen.
  • Select “New Rule”
  • Name your rule something like “Stop Spoofs”
  • Under For an incoming message that matches: select “All of the following”
  • Under the “Select a field” drop-down, select “From”
  • The next drop-down should have “Contains”
  • In the field type your mailer-daemon email address (you can find this by examining the full message headers of one of your spoof emails – look for the value next to the “From” field).
  • Under “Do this” select “Delete message completely”
  • You can select “Stop checking if this rule matches”
  • Click the “Save” button
  • You can move the filter to the top of the filter list so that it is executed first (before any other filters).
  • Select “Apply Filters” to run the filter on your current inbox.

Voila :) You should have gotten rid of your spoofed email messages. Any new spoof email messages that arrive will be promptly deleted.

Apple I-Phone 6



Handset monthly from £23

We use cookies to improve our website and your experience when using it. Cookies used for the essential operation of the site have already been set. To find out more about the cookies we use and how to delete them, see our Privacy Policy.

I accept cookies from this site

EU Cookie Directive Plugin Information