Spammers quite often ‘spoof’, or fake, the from address of an email.
As a result of this, many unsuspecting domain owners are being ‘blamed’ for spam that appears to come from their domain.
Fortunately, there is a relatively easy way to protect your domain from this: Publish DMARC policies.
If you are publishing SPF records and signing your email with DKIM, you can publish DMARC policies that tell receiving mail servers what do with emails that don’t align with the SPF and DKIM information.
SPF policies are DNS records that indicate what mail servers your mail is sent from.
DKIM is a way to add digital signatures to your email so that receiving mail servers can verify it was sent from an authorized source and that it wasn’t modified in transit.
Now what if you have a domain that you NEVER send email from?
Protecting those domains from being used in spam is even easier.
A while ago I added a new anti-spam technique to my mail server setup called “No Listing”.
No listing basically means putting a high priority MX record in the DNS that always rejects mail server connections..
It seems, however, that the qmail mail server can’t cope with that. It’s not RFC compliant.
(Read this entire post, as there is a very weird problem described later)
It’s been quite a while since I upgraded the hardware that runs this (and others) web site.
The warranty on the systems either will be expiring soon or has already expired.
So I bit the bullet and ordered a new Dell PowerEdge T310 server. The pertinent specs are:
- Quad core Xeon 2.66ghz processor
- 12gb RAM
- RAID controller
- 4 x 500gb hot swap drives (configured as 2 x 500gb RAID 1 sets)
The system arrived last week and I got it set up immediately.
I actually ordered the system with only one 250gb hard drive and 4gb of RAM … and upgraded it myself.
A few things annoyed me out of the gate …