Mailbox security checks

If your mailbox has been compromised, you may not even be aware of it. A common method of fraud is to crack the password of a mailbox and then add an email forwarder so that a copy of all mail is forwarded to an illegitimate address.

Perform the following safety checks regularly:

  1. Change your mailbox password
  2. Check for illegitimate mail forwarders

Security checks via Webmail

Access your Mailbox

  1. Browse to the Webmail login page.
  2. Login with your full email address (eg. me@my-domain.com) and email password. (passwords are case-sensitive)
  3. Select Settings from the left-hand menu.

Check Forwarders

  1. Choose Settings > Manage Mailbox.
  2. Log in using the same login details as earlier.
  3. Under the Forwarders section, check that any email addresses listed here are legitimate.
  4. To remove a forwarder, delete the email address.
  5. Click on Update Mailbox at the bottom of the page.

Check Filters

  1. Choose Settings > Filters.
  2. The Filter set is Roundcube.
  3. Under Filters check that any filters here are legitimate. The details of the filter are reflected in the right panel.
  4. To delete a filter click on Delete (trash can) above the selected filter.

Security checks via your Control Panel

Forwarders can also be managed within your Control Panel, and is convenient for managing all mailboxes for a domain. Note, though, that mail filters cannot be viewed here.


  • xneelo Control Panel

    1. 1
      Log in to the xneelo Control Panel.
    2. 2
      Select a Product (e.g. Web Hosting) from the side menu.
    3. 3
      Click on the domain name.
    4. 4
      Under Mail tools, select Mail Admin.
    5. 5
      The main window will display all the active mailboxes already in use for your domain.
    6. 6
      Select the 3 dots menu and click on Forwarders. Check that any forwarders listed here are legitimate.
    7. 7
      To delete a forward, select X.
    8. 8
      Select Save.





  • konsoleH

    1. 1
      Browse to konsoleH and log in.
    2. 2
      Access the  Hosting Services tab on the relevant domain.
    3. 3
      Select Mail from the left-hand menu.
    4. 4
      Select Manage Accounts.
    5. 5
      The main window will display all the active email accounts already in use for the domain.
    6. 6
      The + Forward fields (numbered 2 to 6) allows you to forward a copy of all emails received to an external email address that is unrelated to your domain. Check that any forwarders listed here are legitimate.
    7. 7
      To delete a forward, click Edit in the relevant row, then remove the email address listed.
    8. 8
      Click Save.



Assist Note

All xneelo-hosted domains have access to a free Let’s Encrypt SSL certificate, which can be used to secure both your email and your website. 

Assist Tip

Financial email addresses are often at risk, such as finance@example.com or billing@example.com, but this could happen to even the most innocent looking email address. Typically the mailbox would be monitored for any financial information that can be accessed and used fraudulently.

An invoice from a supplier could be intercepted in this way. The invoice is then fraudulently updated with the hacker’s banking details, and resent. Such an email would look legitimate and result in financial loss.

Even updating the mailbox to a strong password won’t remove any current forwarders, so it is important to check for forwarders when updating the password on a regular basis.

Related Posts: