Re: Proper Way to Configure a Domain which never sends emails

Thank you all for your help. I've set it up as you all suggested (spf and dmarc entries in dns). This weekend I'm going to do some tests. Again, thanks El 20/08/2019 a las 15:42, Scott Morizot escribió: On Tue, Aug 20, 2019 at 5:46 AM Ignacio García > wrote:

Re: Proper Way to Configure a Domain which never sends emails

The reject will only work when DKIM AND SPF are failing. So you have to setup SPF too. -all does the magic. Actually, no. DMARC only passes when DKIM or SPF passes. In the absence of any SPF, that's not a pass so DMARC will fail. It's a good idea to publish the SPF -all but in this case

Re: Proper Way to Configure a Domain which never sends emails

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The reject will only work when DKIM AND SPF are failing. So you have to setup SPF too. -all does the magic. cheers, Karl On 20/08/2019 20:12, John Levine wrote: > In article > you write: >> El 20/08/2019 a las 9:28, Marco Davids via bind-users

Re: Proper Way to Configure a Domain which never sends emails

In article you write: >El 20/08/2019 a las 9:28, Marco Davids via bind-users escribió: >> A TXT _dmarc.domain.tld "v=DMARC1; p=reject" might also be useful. >Wouldn't that imply having DKIM set up for the domain? No, of course not. It says that if mail isn't authenticated, reject it. An

Re: Proper Way to Configure a Domain which never sends emails

In article , Kevin Darcy wrote: > [ Classification Level: PUBLIC ] Huh? Why does something sent to a public mailing list need an explicit "classification level"? > > MXes are for *receiving* mail of course. The request is about *sending* > mail. True, but there's a common assumption that

Re: Proper Way to Configure a Domain which never sends emails

On Tue, Aug 20, 2019 at 5:46 AM Ignacio García wrote: > El 20/08/2019 a las 9:28, Marco Davids via bind-users escribió: > > A TXT _dmarc.domain.tld "v=DMARC1; p=reject" might also be useful. > > > > Wouldn't that imply having DKIM set up for the domain? > > > Short answer is no since nothing in

Re: Proper Way to Configure a Domain which never sends emails

El 20/08/2019 a las 9:28, Marco Davids via bind-users escribió: A TXT _dmarc.domain.tld "v=DMARC1; p=reject" might also be useful. -- Marco Wouldn't that imply having DKIM set up for the domain? -- Ignacio ___ Please visit

Re: Proper Way to Configure a Domain which never sends emails

A TXT _dmarc.domain.tld "v=DMARC1; p=reject" might also be useful. -- Marco On 19/08/2019 23:31, Kevin Darcy wrote: > [ Classification Level: PUBLIC ] > > MXes are for *receiving* mail of course. The request is about *sending* > mail. > > Setting the SPF record to "-all" is probably about the

Re: Proper Way to Configure a Domain which never sends emails

El 20/08/2019 a las 2:20, Kevin Darcy escribió: DNSBL is by IP, true, but there are other forms of "SMTP blacklist" that are by domain. Getting one's domain on one or more of those lists would help avoid the impact of someone trying to use the domain to spoof malicious email. Sure, you could

Re: Proper Way to Configure a Domain which never sends emails

[ Classification Level: PUBLIC ] DNSBL is by IP, true, but there are other forms of "SMTP blacklist" that are by domain. Getting one's domain on one or more of those lists would help avoid the impact of someone trying to use the domain to spoof malicious email. Sure, you could wait until *after*

Re: Proper Way to Configure a Domain which never sends emails

[ Classification Level: PUBLIC ] MXes are for *receiving* mail of course. The request is about *sending* mail. Setting the SPF record to "-all" is probably about the best you can do, since AFAIK there is no universally-recognized way to signal "domain X never sends mail". Ironically, in order

Re: Proper Way to Configure a Domain which never sends emails

In article , Ignacio García wrote: > Hi there. > > Thanks for your support. First message to the list, sorry if already > posted a similar question, but I haven't found mention anywhere. > > I have to set up dns records for a domain just for a web site, for which > we will NEVER send