How do I report an email
so, recently, i've got emailed by my own domain (numberstorm.me on [email protected]) to my own domain (numberstorm.me on [email protected]), this means that someone could be able to send an email from [email protected] (my email) directly to me, the email headers say the following:
SPF: PASS with the IP 104.30.10.90
DKIM: 'PASS' with the domain cloudflare-email.net
DMARC: 'PASS'
the email sent to me was a sextortion email, i believe someone got unauthorized access as it seems that the email has been sent from cloudflare infrastructure.
if someone could help me, i would be thankful
Thank you!
10 Replies
Cloudflare isn't the sender of the message.
You are using Cloudflare Email Routing, so Cloudflare Email Routing is simply forwarding the message, that it is receiving, to the final destination of your choice.
Since Cloudflare was a middleman for the email delivery, and passed on the message, most email providers will generally claim that Cloudflare was the sender, as Cloudflare was the last network having the message in its hands, before it reached your own email provider's network.
The original sender claimed the message to be from your domain name, before the message ended up on Cloudflare, that is why you see it as appearing from your own domain name.
is there any way for me to get the original sender email?
If you're looking to do whatever you can to attempt to prevent something like that from happening going forward, then you need to look at your SPF and DMARC policies.
https://community.cloudflare.com/t/email-routing-is-allowing-spam-to-be-sent-from-my-domain-name/584783/3?u=darkdevil
"get the original sender email?"
You (likely) won't find another email address, as the sender claimed it was from your email address. However, you can look into the message headers, if you wish to try to identify the source of the message, as in e.g. who delivered it to Cloudflare Email Routing.
is it safe to send the email header here?
It depends what you mean by "safe".
You already mentioned your email address and domain name.
So I wouldn't personally find any concerns, regarding sharing the email and/or message headers.
If we're playing with the assumption that someone was actually blackmailing you, -
- They would already have been able to see you use Cloudflare, based on your domain name, before sending the message.
- They would likely already know (if they were listening in here), that you're talking around about their message.
(...and so forth)
i don't mind if they see
The IP address 186.46.195.30 (claiming to have a name of 30.195.46.186.static.anycast.cnt-grms.ec) delivered the message to Cloudflare.
Looking at the two headers, that Cloudflare set:
We can here see that the IP address 186.46.195.30 pretended that the message was from your own domain name, in the SMTP MAIL FROM, which is used for SPF authentication.
And here, that it isn't passing DMARC, when ending up on Cloudflare, as no email authentication can be verified on your domain name, at that state.
Personally, I would just:
1. Adjust your DMARC policy, according to your wishes.
See: https://community.cloudflare.com/t/email-routing-is-allowing-spam-to-be-sent-from-my-domain-name/584783/3?u=darkdevil
(Remember to read the Note!)
2. Switch your SPF, to end with "-all", rather than "~all"
And then not worry about it any more.
umhh, thank you so much, i'll make an abuse report to the ip registrar and do this
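
An added example, not written by anyone in the thread and not Cloudflare tooling: a small Python audit of the two settings the last reply says to adjust, the SPF `all` qualifier and the DMARC policy. The TXT record strings and the example.org / example.net names are constructed; look up your own domain's TXT records (and those at `_dmarc.<your domain>`) and pass them in instead.

```python
import re

def spf_all_qualifier(txt_records):
    """Qualifier of the SPF 'all' term ('-', '~', '?', '+'), or None."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return None  # zero or several SPF records: receivers cannot evaluate SPF
    for term in spf[0].split()[1:]:
        m = re.fullmatch(r"([-~?+]?)all", term, re.IGNORECASE)
        if m:
            return m.group(1) or "+"  # a bare "all" means "+all"
    return None

def dmarc_policy(txt_records):
    """Value of the p= tag from the DMARC record, or None if there is none."""
    for record in txt_records:
        if not record.strip().startswith("v=DMARC1"):
            continue
        tags = {}
        for part in record.split(";"):
            if "=" in part:
                key, _, value = part.partition("=")
                tags[key.strip().lower()] = value.strip().lower()
        return tags.get("p")
    return None

def audit(domain_txt, dmarc_txt):
    """List the weaknesses that let mail spoofing the domain get delivered."""
    findings = []
    q = spf_all_qualifier(domain_txt)
    if q is None:
        findings.append("SPF: no single record with an 'all' term")
    elif q != "-":
        findings.append(f"SPF: ends with '{q}all' instead of '-all'")
    p = dmarc_policy(dmarc_txt)
    if p is None:
        findings.append("DMARC: no record published")
    elif p == "none":
        findings.append("DMARC: p=none asks receivers to take no action on failures")
    return findings

# Constructed sample records (not the real records of any domain on this page).
WEAK_DOMAIN_TXT = ["v=spf1 include:_spf.example.net ~all"]
WEAK_DMARC_TXT = ["v=DMARC1; p=none; rua=mailto:reports@example.org"]
HARD_DOMAIN_TXT = ["v=spf1 include:_spf.example.net -all"]
HARD_DMARC_TXT = ["v=DMARC1; p=reject; rua=mailto:reports@example.org"]

if __name__ == "__main__":
    for line in audit(WEAK_DOMAIN_TXT, WEAK_DMARC_TXT):
        print(line)
```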