Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is this a spoofed email? or did someone really hacked my account?

I got an email in one of my accounts, it appear to come from me. I don't know if they really hacked or it's spoofed... and if so, how do I stop it.


This is the metadata of the email:

: (qmail 142280 invoked by uid 30297); 29 Mar 2019 05:46:33 -0000
Received: from unknown (HELO ([])
(envelope-sender <>)
by (qmail-1.03) with SMTP
for <>; 29 Mar 2019 05:46:33 -0000
Received: from ([])
by CMGW with ESMTP
id 9kLThmXoXULhR9kLThXfCI; Thu, 28 Mar 2019 22:46:32 -0700
X-IP-SPAM: Suspect
Received: from [] [] by with ESMTP
(SMTPD-11.03) id 324e0000034f07cb; Fri, 29 Mar 2019 14:49:36 +0900
Date: Fri, 29 Mar 2019 06:46:13 +0100
Content-Type: multipart/related;
MIME-Version: 1.0
Subject: studio
List-ID: 87yvrzzpp5jlu72uq3okuwv0zywtd7gz4256imw1ycjr4iy
Feedback-ID: 2433872:870588.24597:c46:li
From: <>
List-Subscribe: 3/29/2019 06:46:11
X-aid: 1815318600
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9pre)
Gecko/2008050715 Thunderbird/3.0a1
Message-ID: <>
X-CMAE-Envelope: MS4wfPLGdnzNsejCSYVQxJ0oySLic25dso1F6739LtVxAj/tjCLg9xg+uU6+fsABtF3LbJfm/qXykOeLf0dgObsTCo1Svas7cFP/G4RvEqiJn4cXRAUEt7sb
X-Spam: Ironport 50%

This is a multi-part message in MIME format

Content-Type: multipart/alternative;

Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: base64

Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: base64



In my opinion, it's a spoofed email. Having said that, since you posted your email address I checked it at and it does bring up one hit on a data breach back in February 2019. So I would hope you have changed your password anywhere you use that email account. But that's not the main reason why I am replying. I receive one spam message a day on my account even though I have completely disabled the MX records in DNS. The message header is very similar to yours. The first similarity is the following line:

by CMGW with ESMTP


I'm not certain what CMGW is, but I think it has something to do with SMS texting. I'm still researching this, because this must be how it's sneaking into my inbox.


The other thing that is similar is the names of Godaddy's SMTP servers. They must all be mirror servers, as a ping -a to their IP addresses returns only the stated name. Here is a brief list of the servers from which I have received this spam message:


This is just a small sample. Each of the messages uses a different permutation of SMTP server names. And they ALL have the "by CMGW with ESMTP" line in the header. It is my hope someone on Godaddy's SMTP team sees this message. My domain is and you will see my only MX record (which I have temporarily changed 2 weeks ago) points to which should make it impossible for me to receive SMTP email to my catch-all account. Yet this one message still gets through every day. I suppose I can try deleting some of the other CNAMES in my DNS, but I hate doing things blindly. Hopefully someone from Godaddy will reply to this thread.


Hi @morenoa0922,


Welcome to the Community!

It's likely you were spoofed. Check out this article for what it means and how you can prevent it in the future. There are links at the bottom of the article to help you create an SPF record in the DNS of your domain. Here's the basics:


  1. don't reply to the email
  2. update your password
  3. create the SPF record



TLH - GoDaddy | Community Moderator
Supporting you at