How to protect a Plesk mail server against mail spoofing

Kuzma Ivanov

Updated April 16, 2026 06:24

Plesk for Windows kb: how-to Plesk for Linux

Applicable to:

Plesk for Linux
Plesk for Windows

Question

How to protect a Plesk mail server against mail spoofing?

Others are sending emails through my Plesk mail server, how to stop this from happening?
My Plesk mail server appears to be acting as an open mail relay and people are sending spam from it, what can be done to prevent this?

Answer

Plesk for Linux

Log in to Plesk.
Go to Tools & Settings > Mail Server Settings > SPF spam protection.
Verify that the setting Enable SPF spam protection to check incoming mail is ticked.
Set SPF checking mode to Reject mail when SPF does not resolve to “pass”
Apply the changes.
Install Plesk Email Security from Plesk Extensions.
Go to Tools & Settings > Plesk Email Security (under Mail section) > switch to the Server Settings tab.
Expand Advanced and under Postfix - Strict Rules check the Enable strict rules box.
Click Save.

Plesk for Windows Server

With MailEnable Standard edition, the following options are available against email spoofing:

Enable SpamAssassin spam filter in Plesk at Tools & Settings > Spam Filter.
Once enabled, configure SpamAssassin spam score setting.

Note: If SpamAssassin does not catch the spoofed emails with default settings, try decreasing the spam score value.
If you are using mail clients (for example, Outlook) for email management, you can set up rules that will automatically move spoofed emails with specific words in the subject to Junk or Deleted folders.
Block sender IP addresses via Firewall.
While it might be a time-consuming task, blocking senders' IP addresses which send the spoofed emails is the most reliable way with MailEnable Standard edition.

MailEnable offers licensed editions, which you may consider upgrading to - Professional, Enterprise or Premium.
All three editions give access to spam settings and mail filtering features:

MailEnable Spam Protection
MailEnable Spam Protection has a rule called Envelope sender does not match header sender which should identify spoofed emails with 100% accuracy.

MailEnable Spam Protection docs page:
- https://www.mailenable.com/documentation/10.0/Enterprise/spam%20protection.html
Mailbox Filtering
With Mailbox Filtering for MailEnable webmail, you can create a rule that will delete or put to spam folder emails with specific words in the subject.
MailEnable Mailbox Filtering docs page:
- https://www.mailenable.com/documentation/webmail/Mailbox_Filtering.html