Re: Proper Way to Configure a Domain which never sends emails

2019-08-23 Thread Ignacio García
Thank you all for your help. I've set it up as you all suggested (SPF and DMARC entries in DNS). This weekend I'm going to do some tests. Again, thanks. On 20/08/2019 at 15:42, Scott Morizot wrote: On Tue, Aug 20, 2019 at 5:46 AM Ignacio García > wrote: El

Re: Proper Way to Configure a Domain which never sends emails

2019-08-20 Thread John R. Levine
> The reject will only work when DKIM AND SPF are failing. So you have to set up SPF too. -all does the magic.

Actually, no. DMARC only passes when DKIM or SPF passes. In the absence of any SPF, that's not a pass so DMARC will fail. It's a good idea to publish the SPF -all but in this case DMA

Re: Proper Way to Configure a Domain which never sends emails

2019-08-20 Thread Karl Lovink via bind-users
The reject will only work when DKIM AND SPF are failing. So you have to set up SPF too. -all does the magic. cheers, Karl On 20/08/2019 20:12, John Levine wrote: > In article > you write: >> El 20/08/2019 a las 9:28, Marco Davids via bind-users es

Re: Proper Way to Configure a Domain which never sends emails

2019-08-20 Thread John Levine
In article you write: >On 20/08/2019 at 9:28, Marco Davids via bind-users wrote: >> A TXT _dmarc.domain.tld "v=DMARC1; p=reject" might also be useful. >Wouldn't that imply having DKIM set up for the domain? No, of course not. It says that if mail isn't authenticated, reject it. An excell

Re: Proper Way to Configure a Domain which never sends emails

2019-08-20 Thread Barry Margolin
In article , Kevin Darcy wrote: > [ Classification Level: PUBLIC ] Huh? Why does something sent to a public mailing list need an explicit "classification level"? > > MXes are for *receiving* mail of course. The request is about *sending* > mail. True, but there's a common assumption that ma

Re: Proper Way to Configure a Domain which never sends emails

2019-08-20 Thread Scott Morizot
On Tue, Aug 20, 2019 at 5:46 AM Ignacio García wrote: > On 20/08/2019 at 9:28, Marco Davids via bind-users wrote: > > A TXT _dmarc.domain.tld "v=DMARC1; p=reject" might also be useful. > > > > Wouldn't that imply having DKIM set up for the domain? > > > Short answer is no since nothing in D

Re: Proper Way to Configure a Domain which never sends emails

2019-08-20 Thread Ignacio García
On 20/08/2019 at 9:28, Marco Davids via bind-users wrote: A TXT _dmarc.domain.tld "v=DMARC1; p=reject" might also be useful. -- Marco Wouldn't that imply having DKIM set up for the domain? -- Ignacio

Re: Proper Way to Configure a Domain which never sends emails

2019-08-20 Thread Marco Davids via bind-users
A TXT _dmarc.domain.tld "v=DMARC1; p=reject" might also be useful. -- Marco On 19/08/2019 23:31, Kevin Darcy wrote: > [ Classification Level: PUBLIC ] > > MXes are for *receiving* mail of course. The request is about *sending* > mail. > > Setting the SPF record to "-all" is probably about the b

Re: Proper Way to Configure a Domain which never sends emails

2019-08-19 Thread Ignacio García
On 20/08/2019 at 2:20, Kevin Darcy wrote: DNSBL is by IP, true, but there are other forms of "SMTP blacklist" that are by domain. Getting one's domain on one or more of those lists would help avoid the impact of someone trying to use the domain to spoof malicious email. Sure, you could wa

Re: Proper Way to Configure a Domain which never sends emails

2019-08-19 Thread Kevin Darcy
[ Classification Level: PUBLIC ] DNSBL is by IP, true, but there are other forms of "SMTP blacklist" that are by domain. Getting one's domain on one or more of those lists would help avoid the impact of someone trying to use the domain to spoof malicious email. Sure, you could wait until *after* t

Re: Proper Way to Configure a Domain which never sends emails

2019-08-19 Thread Kevin Darcy
[ Classification Level: PUBLIC ] MXes are for *receiving* mail of course. The request is about *sending* mail. Setting the SPF record to "-all" is probably about the best you can do, since AFAIK there is no universally-recognized way to signal "domain X never sends mail". Ironically, in order to

Re: EDITED: Proper Way to Configure a Domain which never sends emails

2019-08-19 Thread Karl Lovink via bind-users
Hi, We (Arnold Holzel and I) gave a talk about SPF (with macros), DKIM, DMARC and MTA-STS during Black Hat USA two weeks ago. The slides contain example DNS records you can use. Also a link to a Splunk app to get insight into whether your domain is abused. Link: https://i.blackhat.com/USA-19/Th

Re: EDITED: Proper Way to Configure a Domain which never sends emails

2019-08-19 Thread Dean Eckstrom
You might also want to set a DMARC Policy record with appropriate 'rua' and 'ruf' email reporting addresses. rua and ruf depend on remote mail centers being willing to send you this information (which is not always consistently done). Yet the reports might provide occasional feedback if you ar

Re: EDITED: Proper Way to Configure a Domain which never sends emails

2019-08-19 Thread m3047
Hi, I would think declaring SPF as you say is the right course of action. I would consider setting up DMARC as well. Whether it's your intention or not, if you set up DMARC (a way for people to report mail claiming to be from you) you've essentially created a honey pot; maybe somebody will be

Re: Proper Way to Configure a Domain which never sends emails

2019-08-19 Thread Barry Margolin
In article , Ignacio García wrote: > Hi there. > > Thanks for your support. First message to the list, sorry if already > posted a similar question, but I haven't found mention anywhere. > > I have to set up dns records for a domain just for a web site, for which > we will NEVER send emails

Re: EDITED: Proper Way to Configure a Domain which never sends emails

2019-08-19 Thread Matus UHLAR - fantomas
On 19.08.19 15:01, Ignacio García wrote: I have to set up dns records for a domain just for a web site, for which we will NEVER send emails (though we might receive some from old customers), so I would like to announce somehow that emails sent from this domain should always be disregarded. I wa

EDITED: Proper Way to Configure a Domain which never sends emails

2019-08-19 Thread Ignacio García
(Sorry, there was a typo in the original message) Hi there. Thanks for your support. First message to the list, sorry if already posted a similar question, but I haven't found mention anywhere. I have to set up dns records for a domain just for a web site, for which we will NEVER send emails

Proper Way to Configure a Domain which never sends emails

2019-08-19 Thread Ignacio García
Hi there. Thanks for your support. First message to the list, sorry if already posted a similar question, but I haven't found mention anywhere. I have to set up dns records for a domain just for a web site, for which we will NEVER send emails (though we might receive some from old customers)