EDITED: Proper Way to Configure a Domain which never sends emails
Karl Lovink
karl at lovink.net
Mon Aug 19 19:22:47 UTC 2019
Hi,
We (Arnold Holzel and I) gave a talk about SPF (with macros), DKIM, DMARC and MTA-STS during Black Hat USA two weeks ago. The slides contains example DNS records you can use. Also a kink to a Splunk app for get insight whether Your domain are abused.
Link: https://i.blackhat.com/USA-19/Thursday/us-19-Hoelzel-How-To-Detect-That-Your-Domains-Are-Being-Abused-For-Phishing-By-Using-DNS.pdf
Sincerely yours,
Karl
> On 19 Aug 2019, at 18:56, Dean Eckstrom <dae1 at cornell.edu> wrote:
>
>
> You might also want to set a DMARC Policy record with appropriate 'rua' and 'ruf' email reporting addresses.
>
> rua and ruf depend on remote mail centers being willing to send you this information (which is not always consistently done). Yet the reports might provideoccasional feedback if you are actually being spoofed. It's additional information that normally you wouldn't be able to get.(https://tools.ietf.org/html/rfc7489).
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20190819/58c9182a/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2362 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20190819/58c9182a/attachment-0001.bin>
More information about the bind-users
mailing list