Whoever sends a bounce back for a clearly failed strict DMARC check can simply be blocked by antispam rules, with a clear conscience :)

Regards,
Dmytro Alieksieiev
DevOps Engineer

On 25/11/2025 22:36, Jaroslaw Rafa via Postfix-users wrote:
> On 25.11.2025 at 21:57:16, Dmitriy Alekseev via Postfix-users wrote:
>> Sure, just configure strict SPF, sign all emails with DKIM & configure
>> DMARC as p=reject sp=reject
> That assumes all the servers that are currently sending bounces check DMARC
> and will reject messages that fail DMARC. There's no guarantee they do.
>
> Answering the OP's question, in general there is no way to block some bad
> actor's server from impersonating you and sending mail in your name to some
> other server, because the mail is exchanged between two third parties - you
> are neither (actual) sender nor recipient, so you have no way to interfere
> with this process.
>
> Setting DMARC as per above suggestion may cause servers *that honor DMARC
> setting* (as this decision is entirely up to the receiving end's
> configuration) to reject messages that impersonate you.
>
> But I suspect this may not be the case with the particular servers you are
> receiving bounces from, exactly because *they send bounces*, which
> indicates they are probably misconfigured. A properly configured server
> should outright reject a message it can't deliver, not later send bounces to
> the sender. If they send bounces because they can't deliver a message,
> there's quite a high probability that even if they check DMARC, in case of
> DMARC failure they will also send bounces instead of rejecting the message.
> Which won't improve your situation in any way.
>
> Do I understand correctly that these bounces come to random addresses in your
> domain? If yes, why are you accepting them? You should accept only messages
> to addresses that actually exist, and reject all else. That *can* largely
> reduce the amount of bounces you are getting.
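An added example, not written by anyone in this thread: a small Python audit of the "strict SPF" and "DMARC p=reject sp=reject" posture suggested above. The function names and record strings are constructed for illustration. A clean result only means the policy is published; as noted in the thread, enforcement is up to the receiving server.

```python
"""Audit SPF and DMARC TXT record strings for the strict posture from the thread."""

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC1 record."""
    # The version tag must come first and is case-sensitive (RFC 7489).
    if txt.split(";", 1)[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_dmarc(txt):
    """List the ways a DMARC record falls short of p=reject sp=reject."""
    tags = parse_dmarc(txt)
    if tags is None:
        return ["not a DMARC1 record"]
    findings = []
    p = tags.get("p", "").lower()
    sp = tags.get("sp", p).lower()  # sp inherits p when absent
    if p != "reject":
        findings.append(f"p={p or 'missing'}: domain policy is not reject")
    if sp != "reject":
        findings.append(f"sp={sp or 'missing'}: subdomain policy is not reject")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']}: policy applies to only part of the mail")
    return findings

def audit_spf(txt):
    """List the ways an SPF record falls short of a hard-fail default."""
    terms = txt.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record"]
    # Simplification: a redirect= modifier is not followed here.
    alls = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not alls:
        return ["no 'all' mechanism: unlisted senders are not failed"]
    if alls[-1] != "-all":
        return [f"'{alls[-1]}' is not a hard fail; strict SPF ends in -all"]
    return []

if __name__ == "__main__":
    # Constructed sample records for a placeholder domain.
    for record in ("v=DMARC1; p=reject; sp=reject", "v=DMARC1; p=none; pct=50"):
        print(record, "->", audit_dmarc(record) or "strict")
    for record in ("v=spf1 mx -all", "v=spf1 mx ~all"):
        print(record, "->", audit_spf(record) or "strict")
```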