Hmmm... I think I'm about to learn something.
1) aster.ds.org is our email server 2) I was under the impression that a "real" email server needs to be able to both receive (postmaster@) and send (MAILER-DAEMON@) administrative emails. What I have for SPF now is: email is ONLY valid from aster's IP. Question: Is it truly acceptable to say that an email server will accept no email (no MX) and will generate no email (blocked spf)? (I realize I could munge it so the server sends as one of our other domains. Somehow that feels incorrect... and the nice thing about allowing admin emails is it is about the simplest "real" email setup imaginable. NO normal emails, all emails are generated only at the server itself, blah blah blah.) Thanks for thinking this through with me ;) Pete On 10 Oct 2017 John Levine said... >In article <[email protected]> you >write: >>Is there anything I can do to fix this? > >I'd start by publishing an SPF record that just says >"-all" rather than what's in there now which says that >there's all sorts of places that real mail can come from. >A lot of places treat a plain -all as a special case for no >mail at all, as opposed to -all after other stuff which >means that you think these are the only places your mail >can come from but you're probably wrong. > >If you don't expect inbound mailto ds.org, a null MX is >also a good idea. You can still collect reports via your >dmarc record. > >You'll get less blowback, but it'll never go away. I >also have some ancient domains (try iecc.cambridge.ma.us) >and the spam never stops. > >R's, >John _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
