This kinda raises an important issue. I already have SPF/DMARC/DKIM set
up. But because I use several mailing lists, I do not have a hard fail
set up. I get SO many notices when I send email to lists that I'm really
worried about defining hard failures/rejections.
But I'll play around with what you suggested.
Thomas
On 7/14/23 18:58, David B Funk wrote:
Assuming you own/manage your infrastructure it should be
straight-forward.
Create SFP records for your domain & SMTP server, set them to either
soft or hard fail mode.
If you can, also set up DKIM signing of your outgoing mail.
Then create rules that looks for your from address in a message and a
meta which says "if from me & DKIM-fail/SPF-fail hit it hard"
If you can work with the SPF hard fail you will also help to improve
your net reputation as spammers will have a harder time trying to "Joe
Job" you.
On Fri, 14 Jul 2023, Thomas Cameron wrote:
All -
I am suddenly getting hammered by a BUNCH of spam that appears to be
from me. It scores low, and even though I keep feeding it to Bayes,
it's still not hitting the threshold to be marked as spam.
When I check the headers, it's coming from multiple random email
servers, but many appear to originate from hotmail/outlook.com. So
from outlook.com, through some unsecured email server, then to my
server.
I'm trying to figure out how to block this stuff. Something like "if
it appears to come from me, but it's not actually coming from my
email server," block it. I don't necessarily think this is a job for
SA, but if there's a rule I can tweak or a setting I can change, I'm
all ears.
Thanks,
Thomas
