How to enable/disable anti-spoofing protection for Namecheap Private Email and why we need it

1. What is email spoofing?
2. How do I know if my account is being spoofed?
3. How to enable/disable anti-spoofing protection for Namecheap Private Email?
4. Why do I need to disable anti-spoofing protection?

1. What is email spoofing?

Email spoofing
is a forging of email address to make it seem like the message has been sent from you to trick people into opening it.

NOTE: although your email address may have been spoofed, it does not mean that the spoofer has gained access to your account. The message actually originates from the spammer's email account and is sent from the spammer's mail server.

2. How do I know if my account is being spoofed?
1. You receive mailer-daemon error messages (bounce back emails) to your INBOX that do NOT match any messages you sent. The return address might not match your actual email address, but uses your domain name. Usually such messages go to Spam folder.

2. You get the replies to the messages from people who received email from you, however you never sent these emails.

you won't see these messages in your Sent folder. That's the main difference between hacked and spoofed email account.

Since email spoofing is widely used by hackers to retrieve the sensitive information from the recipient using the email address similar to your own, we added Anti-Spoofing protection feature for Private Email users that may be enabled/disabled in a few clicks. By default Anti-Spoofing protection is enabled for all Private email accounts.

3. How to enable/disable anti-spoofing protection for Namecheap Private Email?

1. Sign in to your Namecheap account.
2. Go to Domain List menu on your left and click on caret to expand the associated services list  (make sure All Products is selected in the top right corner):

3. Look for your Private Email subscription in the list and click on Manage next to it:

4. Look for Email Security section and checkmark the box option Anti-Spoof Filter to enable it:

4. Why do I need to disable anti-spoofing protection?
There are some cases when Anti-Spoofing protection may interrupt normal functioning of mail service.

For instance, you have two domains ( and and each of them has an active Private email subscription. The first domain uses third-party mail service and have the corresponding MX records for it. The other domain still uses Private email MX records. When you send an email from to, the Private email server checks if there is a sender domain name in its database.

You may receive the following error or bounce back email after sending the message out:

This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error.
The following address(es) failed:
SMTP error from remote mail server after RCPT TO: < >:
host []: 553 5.7.1 < >:
Sender address rejected: not logged in

This means that the Private email server checks that the mail for is hosted on its server, so emails from this address cannot come from external SMTP server. This option is helpful if both sender and recipient have Private Email subscriptions. This is how our Anti-Spoofing protection works.

In order to avoid such error you need to disable Anti-Spoofing protection for the sender domain in Namecheap account - for this make sure Anti-Spoof Filter box is unchecked:

That's it!

                      Need any help? Contact our HelpDesk


28157 times


We welcome your comments, questions, corrections and additional information relating to this article. Your comments may take some time to appear. Please be aware that off-topic comments will be deleted.

If you need specific help with your account, feel free to contact our Support Team. Thank you.

Need help? We're always here for you.

× Close