Being able to create use existing e-mails

ahref

New member
Joined
Jun 17, 2020
Messages
6
Dear community,

Yesterday I encountered a weird issue. I am totally new to DA (my hosting provider uses DA) and am probably doing something wrong. So I tried to create a personal e-mail instead of my old @gmail.com. This all worked and I did not understand why I could use my domain without for instance changing the name servers at my registrar which is located elsewhere. So I tried to use an existing e-mail adres like contact@mediamarkt.nl (big multi media company, which I don't own) and I could just send out e-mails with that adres pretending I am that company.

What am I doing wrong, and how does this work?

Hope it makes sense.

Joey
 

floyd

Verified User
Joined
Mar 29, 2005
Messages
5,482
As far as I know yes you can do that. But what would be your suggestion? That a domain be hosted on this server in order to add an email account?
 

ahref

New member
Joined
Jun 17, 2020
Messages
6
Thanks for you reply floyd!

Not quite sure what you mean, could you please elaborate? Thanks!
 

floyd

Verified User
Joined
Mar 29, 2005
Messages
5,482
Well I was really asking you for more information.

The DirectAdmin works is you can add any domain you want and create any email account you want. My question to you is how would DirectAdmin know if you own a domain or not? How would it know if you should be allowed to create an email account or not?
 

ahref

New member
Joined
Jun 17, 2020
Messages
6
Excuse me if I sound stupid, but im really new to this. So, I thought that it would perform checks if the domain is already existing for instance. If yes then I would get notified i.e. Or perhaps the same way SSL works by adding a CNAME in your dns manager. Because right now, can't you abuse it this way? Like acting someone you are not etc?

Thanks!
 

floyd

Verified User
Joined
Mar 29, 2005
Messages
5,482
So, I thought that it would perform checks if the domain is already existing for instance. If yes then I would get notified i.e.
I don't know of any system that works like that.
 

floyd

Verified User
Joined
Mar 29, 2005
Messages
5,482
if the domain is already existing for instance.
Existing where? If the domain exists then nobody would be able to move an existing domain from one host to another.
 

Peter Laws

Verified User
Joined
Sep 13, 2008
Messages
1,826
Location
London UK
This is why SPF/DKIM/DMARC records were invented, to stop people using random from addresses they do not own (alas spamming)
 

floyd

Verified User
Joined
Mar 29, 2005
Messages
5,482
This is why SPF/DKIM/DMARC records were invented, to stop people using random from addresses they do not own (alas spamming)
That would be up to mediamarkt.nl to do that in his example. Their is nothing DirectAdmin can do to stop it. I think that is what you were saying. I don't know of any check that DirectAdmin can do to stop it which is what the OP seemed to be asking.
 

ahref

New member
Joined
Jun 17, 2020
Messages
6
This is why SPF/DKIM/DMARC records were invented, to stop people using random from addresses they do not own (alas spamming)
Great, thanks! I found a nice article about SPF/DKIM/DMARC and my problem which is being abused alot by phishers etc. I will try to understand it and then apply it. Thanks both Floyd and Peter Laws!

Stay safe.
 

Peter Laws

Verified User
Joined
Sep 13, 2008
Messages
1,826
Location
London UK
That would be up to mediamarkt.nl to do that in his example. Their is nothing DirectAdmin can do to stop it. I think that is what you were saying. I don't know of any check that DirectAdmin can do to stop it which is what the OP seemed to be asking.
Of course, I was just informing how to stop people from sending as their domain......

Directadmin already does SPF and DKIM, but DMARC is still work in progress, although you can add the TXT record manually, it's the email address for reports that's the concern here (eg. if DA adds DMARC TXT record upon creating the domain, what email would it use.... this is the main issue)..
 

floyd

Verified User
Joined
Mar 29, 2005
Messages
5,482
(eg. if DA adds DMARC TXT record upon creating the domain, what email would it use.... this is the main issue)..
It could be a button and an email address field much like the current Enable DKIM button.
 

floyd

Verified User
Joined
Mar 29, 2005
Messages
5,482
I thought you were asking about preventing you from impersonating somebody else. But apparently you were talking about how to protect yourself from somebody else.
 

ahref

New member
Joined
Jun 17, 2020
Messages
6
Yes, sorry for bad explanation! I sometimes find it hard to explain things in English
 
Top