Paper Lantern for cPanel accounts is being retired this year. Find out more »
cPanel & WHM Version 102 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!

Limit information in Track Delivery

Johan O shared this idea 4 months ago
Need More Information

Today anyone adding a domain like example.com to a cPanel-account will see all emails sent from that server to @domain.com-email addresses in Track Delivery. This includes timestamps, source email-address and source IP-address. That functionality is independent of where the email is actually hosted. This could be a privacy issue, especially if a domain used by a major email provider is added to an account.

It seems safer to only include in Track Delivery only those emails that have actually been delivered to or sent from a cPanel-account. There are limits to how much can be achieved in overcoming malicious activity(see below) but this would help a bit. It is perhaps more applicable in situations where a cPanel-account should have a domain added to host a website, but where the people having access to the account aren't necessarily trusted to see who else on that server is sending emails to the domain.

It is worth noting that a user could still add a domain to a cPanel-account and set Email Routing to Local Email Exchanger and capture all emails to that domain, but that is a harder problem to solve. A more restrictive way to include data in Track Delivery should however be quite safe.

Replies (1)

photo
1

Johan,

I think I'm following your feedback here. I wanted to clarify, do you have "Allow Remote Domains" turned on for users? Or "Prevent cPanel users from creating specific domains" turned off?

Leave a Comment
 
Attach a file