Phishing emails that impersonate hosting companies are common — a convincing-looking "your account has been suspended" or "your invoice is overdue" email can pressure even careful people into clicking a bad link. This article covers how to tell a genuine CanSpace email from a fake, what we'd never do, and what to do if you've already clicked.
What our real emails look like
Legitimate email from CanSpace comes from one of these sending addresses:
- [email protected] — automated system notices (invoice generated, payment received, domain renewal reminders, "your new account is ready")
- [email protected] — replies to sales enquiries and general contact-form messages
- [email protected] — ticket notifications ("a staff member has replied to your ticket")
- Ticket replies from [email protected] where the body text includes a ticket number and a link to the client area
- Mailings (product announcements, service notices) from [email protected]
Occasionally staff reply from their personal CanSpace address (for example, [email protected]) when following up on a specific ticket — these will always continue an existing conversation you already know about, not arrive out of the blue.
Things we'd never do
If an email claiming to be from CanSpace does any of the following, it's not from us:
- Asks for your password. We don't need it and never will. Anything requesting your cPanel, client area, or email password is a phishing attempt — full stop.
- Asks you to pay an invoice via wire transfer, cryptocurrency, gift cards, or a link outside your client area. All legitimate invoices are paid through the client area at canspace.ca/clients.
- Threatens immediate suspension or account closure if you don't act in the next hour. Real suspension notices include specific reasons (non-payment of a specific invoice, abuse complaint) and give reasonable notice.
- Asks you to "verify your account" by clicking a link and re-entering credentials. We don't do account verification this way.
- Includes a .zip, .exe, or .html attachment claiming to be an invoice or notice. Our invoices are always linked to from the email, not attached — and never .html or .exe.
- Has obvious mistakes — lookalike domains (
canspace-billing.com,canspacesolutions.net), bad grammar, missing your name, or a "Reply-To" address that doesn't match canspace.ca.
How to verify a suspect email
A few quick checks before you click anything:
1. Look at the full From address
On a phone, tap the sender's name to see the full email address. On desktop, hover over the sender. The domain must end in @canspace.ca — not @canspace.com, @canspace-support.net, @canspacesolutions.ca, or anything similar. Lookalike domains are the single most common phishing trick.
2. Hover over links before clicking
On desktop, hover your cursor over any link in the email (don't click). Your mail client will show the real destination in the bottom of the window. On mobile, press and hold a link to see its target. Genuine links from us go to canspace.ca (or www.canspace.ca) — never a third-party domain, URL shortener (bit.ly, tinyurl.com), or IP address.
3. Go to the client area directly
If the email claims there's an issue with your account or an invoice, don't click the link. Open a new browser window and type canspace.ca/clients yourself. If there's a real issue, you'll see it in your dashboard. This is the single best habit to develop — it defeats almost every phishing attempt.
4. Check the email headers
If you want to be thorough, view the full email headers (usually View source or Show original in most mail clients) and look for:
- SPF, DKIM, and DMARC results — all three should pass for emails from canspace.ca.
- The Return-Path and Received-from addresses — should both reference canspace.ca infrastructure, not a random third-party server.
If any of these fail, the email is almost certainly spoofed.
What to do if you think you received a phishing email
- Don't click any links or open attachments.
- Forward the email to [email protected] so we know it's circulating. Use your mail client's "forward as attachment" option if available — it preserves headers we can analyze.
- Delete the email.
What to do if you already clicked or gave up credentials
If you entered your password on a phishing page, or downloaded an attachment from one:
- Change the password immediately. If it was your client area password, reset it via the client area → Forgot Password. If it was your cPanel password, see Reset your cPanel password. If it was your email password, see Change your email password.
- Enable two-factor authentication on your client area account — it's the single best defense against password-based attacks. See Enable two-factor authentication.
- If you downloaded and opened an attachment, run a full scan with your operating system's antivirus. On Windows, Microsoft Defender is a solid baseline. On Mac, macOS's built-in protection is usually enough, but a reputable on-demand scanner (Malwarebytes) can confirm.
- Open a support ticket to let us know. We can check for unauthorized activity on your account — new mail forwarders added, unusual logins, outgoing spam — and clean up anything that looks off.
A note on real bounce messages and system alerts
You will occasionally receive automated emails that look alarming but are genuine — bounce messages when an email you sent didn't deliver, quota warnings when a mailbox is filling up, payment-failed notices when a card expired. These are real and worth reading. What distinguishes them from phishing is that they don't ask you to click a link and enter credentials — they just inform you of a status, and any action you need to take can be done by going to the client area or cPanel directly.
Related articles
- Enable two-factor authentication on your account
- Reset your cPanel password
- Change your email password
- Understanding email bounce messages
Unsure about an email? Forward it to [email protected]
