Limit information in Track Delivery
Today anyone adding a domain like example.com to a cPanel-account will see all emails sent from that server to @domain.com-email addresses in Track Delivery. This includes timestamps, source email-address and source IP-address. That functionality is independent of where the email is actually hosted. This could be a privacy issue, especially if a domain used by a major email provider is added to an account.
It seems safer to include in Track Delivery only those emails that have actually been delivered to or sent from a cPanel-account. There are limits to how much can be achieved in overcoming malicious activity (see below) but this would help a bit. It is perhaps more applicable in situations where a cPanel-account should have a domain added to host a website, but where the people having access to the account aren't necessarily trusted to see who else on that server is sending emails to the domain.
It is worth noting that a user could still add a domain to a cPanel-account and set Email Routing to Local Email Exchanger and capture all emails to that domain, but that is a harder problem to solve. A more restrictive way to include data in Track Delivery should however be quite safe.
Johan,
I think I'm following your feedback here. I wanted to clarify, do you have "Allow Remote Domains" turned on for users? Or "Prevent cPanel users from creating specific domains" turned off?