356

Important reminder, if you own a domain name and don't use it for sending email. (hear-me.social)

submitted 1 month ago by Jerry@hear-me.social to c/cybersecurity@fedia.io

75 comments fedilink hide all child comments

Important reminder, if you own a domain name and don't use it for sending email.

There is nothing to stop scammers from sending email claiming to be coming from your domain. And the older it gets, the more valuable it is for spoofing. It could eventually damage your domain's reputation and maybe get it blacklisted, unless you take the steps to notify email servers that any email received claiming to come from your domain should be trashed.

Just add these two TXT records to the DNS for your domain:
TXT v=spf1 -all
TXT v=DMARC1; p=reject;

The first says there is not a single SMTP server on earth authorized to send email on behalf of your domain. The second says that any email that says otherwise should be trashed.

If you do use your domain for sending email, be sure to add 3 records:
SPF record to indicate which SMTP server(s) are allowed to send your email.
DKIM records to add a digital signature to emails, allowing the receiving server to verify the sender and ensure message integrity.
DMARC record that tells the receiving email server how to handle email that fails either check.

You cannot stop scammers from sending email claiming to be from your domain, any more than you can prevent people from using your home address as a return address on a mailed letter. But, you can protect both your domain and intended scam victims by adding appropriate DNS records.

UPDATE: The spf and the dmarc records need to be appropriately named. The spf record should be named "@", and the dmarc record name should be "_dmarc".

Here's what I have for one domain.

One difference that I have is that I'm requesting that email providers email me a weekly aggregated report when they encounter a spoof. gmail and Microsoft send them, but most providers won't, but since most email goes to Gmail, it's enlightening when they come.

#cybersecurity #email #DomainSpoofing #EmailSecurity #phishing

(page 2) 25 comments

sorted by: hot top controversial new old

[-] ej@mastodon.social 1 points 1 month ago

@Jerry@hear-me.social I just recently realized this was a problem and was wondering how to fix it. Thank you, and the internet gods for placing this in my feed 🙏

[-] beepcheck@fosstodon.org 1 points 1 month ago

@Jerry@hear-me.social thank you for this post!

I've set up email servers using iRedMail and mailcow successfully with dmarc, etc., but this post really tied it all together for me.

now i have some dns to ... improve

[-] ellypony@lemmy.world 1 points 1 month ago

This is such thoughtfully written advice even though I’m not in CSI I’m still going to save it for later. Who knows. Thank you.

[-] MystikIncarnate@lemmy.ca 1 points 1 month ago

Right. I should do this.

[-] frikkelgard@troet.cafe 1 points 1 month ago

@Jerry@hear-me.social That's how it's done. Short and clear writeup. Thank you!

[-] rileywd@mastodon.social 1 points 1 month ago

@Jerry@hear-me.social If you want dmarc reports to go to a mailbox on a different domain, that domain (photontorpedo.mozmail.com here) needs a DNS record to say that it'll accept them - https://mxtoolbox.com/problem/dmarc/dmarc-external-validation

some of the domains in your bio also have broken/no dmarc 😉

[-] zhhz@mastodon.social 1 points 1 month ago

@Jerry@hear-me.social People using iCloud Custom Email, please add the _dmarc record (consider "v=DMARC1; p=reject; adkim=s; aspf=s;"), because Apple doesn’t add it for you automatically or include this in its guide, and I just realized my email address has been used for spam.

[-] pasmac@atmasto.com 1 points 1 month ago

@Jerry@hear-me.social arghh forgot to up date the IP address …. 🤬
Good tip

[-] al1r4d@pegelinux.top 1 points 1 month ago

@Jerry@hear-me.social thank you sir

[-] daniel@masto.doserver.top 1 points 1 month ago

@Jerry@hear-me.social Can you undo this later without consequence?

[-] Jerry@hear-me.social 1 points 1 month ago

@daniel@masto.doserver.top
Should be able to.

[-] daniel@masto.doserver.top 1 points 1 month ago

@Jerry@hear-me.social (Just thinking from a cache perspective)

load more comments (1 replies)

[-] simrob@social.wub.site 1 points 1 month ago

@Jerry@hear-me.social thanks for sharing this. It was boosted into my neck of the woods and I don’t actually know who you are - is there a semi-authoritative place this advice is documented that I can 1) double check, because that seems like a good idea at least in principle with security related stuff like this and 2) pass on to others?

[-] troy@opencoaster.net 1 points 1 month ago

@Jerry@hear-me.social also good idea while you’re in there to make sure you don’t have any old records pointing to servers you don’t own anymore.

[-] jzakotnik@mastodon.social 1 points 1 month ago

@Jerry@hear-me.social wow thanks, this is useful

load more comments

this post was submitted on 15 Dec 2024

356 points (100.0% liked)

Cybersecurity

2 readers

99 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Rules

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

founded 2 years ago

MODERATORS

shellsharks@fedia.io

tweedge@fedia.io