Fax-to-Email Sender Domain Uses Customer Domain, Increasing Spoofing/Phishing Risk
- Open
- Subscribe
|
M |
MarkoVarga |
Reference Ticket Id: #CS46484
The current fax-to-email implementation inserts the customer’s domain (e.g., @newburypc.com) into the sender address for their customers inbound faxes. This behavior is causing concern because it appears as if emails are originating from the customer’s domain, increasing the likelihood of spoofing concerns, phishing risk, and spam filtering issues.
Current Behavior:
When a fax is received, the system formats the sender email as:
@
Example: 13072456410@newburypc.com
This occurs regardless of the actual originating domain of the sender.
The backend system (mr90.mia.ringlogix.com) is responsible for sending these emails.
The reseller’s domain is inserted into the sender address even when the originating number is unrelated to that domain.
Example Cases:
Fax received:
03/26/2026 3:24 PM
From: 13072126410@newburypc.com
To: acctg@wateryourgrass.com
Fax Message
Another example:
03/17/2026 10:17 AM
From: 17863584549@newburypc.com
To: acctg@wateryourgrass.com
(email belonging to a reseller customer)
Note: The phone number does not belong to newburypc.com, but the domain is still applied.
Clarification from Support:
This is expected behavior and not considered spoofing internally.
The system intentionally inserts the reseller/customer domain.
Currently, this behavior is not configurable.
Problem / Impact:
Creates the appearance that emails are being sent from the customer’s domain, which:
Increases phishing/social engineering risk
Reduces trust in legitimate communications
Raises likelihood of emails being flagged as spam or spoofed
Customers may mistakenly trust malicious emails if they appear to come from a known domain
Potential reputational risk to the domain owner (e.g., newburypc.com)
Requested Enhancement:
Allow configuration of the sender domain for fax-to-email messages, such as:
Use a neutral/system domain (e.g., fax.ringlogix.com)
Use a dedicated subdomain (e.g., fax.newburypc.com)
Allow per-reseller or per-customer customization
Alternatively, provide an option to disable domain rewriting entirely
Additional Notes:
Even if not immediately feasible, this should be considered as a feature request due to security and deliverability implications.
Priority Justification:
Medium/High
(Security, email deliverability, and customer trust are directly impacted.)