Protecting your domain from sending unsolicited e-mails (spam)

Protecting your domain from sending unsolicited e-mails (spam)

Posted by on 27. J 2020 in Blog

If you own a domain, that you don’t use to send e-mail from, it would be wise to actually protect it from forgery. Just because you don’t use it, if you don’t protect it, a spammer could spoof your domain for their evil purpose. So, do the world a favour and protect all your domains that you don’t use to send e-mail with these simple DNS-records:

Hostname Type Value
example.com TXT v=SPF1 -all
*._domainkey.example.com TXT v=DKIM1; p=
_dmarc.example.com TXT v=DMARC1; p=reject;

SPF-record tells us that no servers are allowed to send mail on behalf of example.com-domain
DKIM-record catches all potential lookups of a DKIM-key, and will always fail because p= nothing
DMARC-record tell us that if the SPF or DKIM fails, then please just reject the mail.

So, with these records, every SPF-check will fail, cause no server is allowed to send on behalf of example.com and DKIM will always fail, because there is no value in p. Then because both fail, DMARC says: reject this mail.