Spammers quite often ‘spoof’, or fake, the from address of an email.
As a result of this, many unsuspecting domain owners are being ‘blamed’ for spam that appears to come from their domain.
Fortunately, there is a relatively easy way to protect your domain from this: Publish DMARC policies.
If you are publishing SPF records and signing your email with DKIM, you can publish DMARC policies that tell receiving mail servers what do with emails that don’t align with the SPF and DKIM information.
SPF policies are DNS records that indicate what mail servers your mail is sent from.
DKIM is a way to add digital signatures to your email so that receiving mail servers can verify it was sent from an authorized source and that it wasn’t modified in transit.
Now what if you have a domain that you NEVER send email from?
Protecting those domains from being used in spam is even easier.
(Read this entire post, as there is a very weird problem described later)