Protecting domains from spammers

Spammers quite often ‘spoof’, or fake, the from address of an email.

As a result of this, many unsuspecting domain owners are being ‘blamed’ for spam that appears to come from their domain.

Fortunately, there is a relatively easy way to protect your domain from this: Publish DMARC policies.

If you are publishing SPF records and signing your email with DKIM, you can publish DMARC policies that tell receiving mail servers what to do with emails that don’t align with the SPF and DKIM information.

SPF policies are DNS records that indicate what mail servers your mail is sent from.

DKIM is a way to add digital signatures to your email so that receiving mail servers can verify it was sent from an authorized source and that it wasn’t modified in transit.

Now what if you have a domain that you NEVER send email from?

Protecting those domains from being used in spam is even easier.

To protect your domain from being the victim of this tactic, you can essentially flag your domain to indicate it never sends email.

To do this, you implement a policy that states: Reject all mail that doesn’t align with published email policies.

What you need to do is go into your domain’s DNS manager and add two TXT records …

  1. An SPF record on the “@” (or root) domain containing “v=spf1 -all”. This tells a receiving mail server that you send from no servers and that it should reject mail from every server.
  2. Another TXT record named ‘_dmarc’ with the value “v=DMARC1; p=reject;”.

This DMARC policy tells receiving mail servers that they should reject all mail that doesn’t align with published SPF & DKIM information.

Since your SPF record authorizes no servers and you publish no DKIM keys, every email violates the policy, and all mail should be rejected.
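
One way to check that a non-sending domain really carries the two records described above. This is an added example, not code from the original post: the function names are hypothetical, the sample records are constructed, and the checks for the DMARC sp= and pct= tags go beyond the two records the post lists.

```python
# Added example: audit TXT records of a domain that should never send mail.
# Record strings are passed in, so nothing here performs DNS lookups.

def parse_dmarc_tags(record):
    """Split 'v=DMARC1; p=reject;' into {'v': 'DMARC1', 'p': 'reject'}."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags

def audit_no_mail_domain(root_txt, dmarc_txt):
    """Return a list of problems; an empty list means the domain is locked down.

    root_txt  -- TXT strings found at the root ("@") of the domain
    dmarc_txt -- TXT strings found at _dmarc.<domain>
    """
    problems = []
    spf = [r for r in root_txt if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        problems.append(f"expected exactly one SPF record, found {len(spf)}")
    else:
        terms = spf[0].lower().split()[1:]
        if terms != ["-all"]:
            problems.append(f"SPF must be only '-all', found: {' '.join(terms) or '(nothing)'}")
    dmarc = [r for r in dmarc_txt if r.replace(" ", "").lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        problems.append(f"expected exactly one DMARC record, found {len(dmarc)}")
    else:
        tags = parse_dmarc_tags(dmarc[0])
        if tags.get("p", "").lower() != "reject":
            problems.append(f"DMARC p= is '{tags.get('p')}', expected 'reject'")
        if "sp" in tags and tags["sp"].lower() != "reject":
            problems.append(f"DMARC sp= is '{tags['sp']}', which weakens subdomains")
        if tags.get("pct", "100") != "100":
            problems.append(f"DMARC pct={tags['pct']} applies the policy to only part of the mail")
    return problems

# Constructed sample records (not taken from any real zone).
GOOD_ROOT = ["v=spf1 -all", "some-site-verification=constructed"]
GOOD_DMARC = ["v=DMARC1; p=reject;"]
WEAK_ROOT = ["v=spf1 include:_spf.example.net ~all"]
WEAK_DMARC = ["v=DMARC1; p=none; sp=none; pct=50"]

if __name__ == "__main__":
    for label, root, dm in [("good", GOOD_ROOT, GOOD_DMARC), ("weak", WEAK_ROOT, WEAK_DMARC)]:
        print(label, audit_no_mail_domain(root, dm) or "OK")
```

Feed it the TXT strings your DNS manager shows for the root and for _dmarc; any entry in the returned list is a gap a spoofer's mail could pass through.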
