Posted on September 12, 2020 at 11:46 am
Simple steps to make your domain emails not spoofeable:
1) Add a TXT record (SPF):
v=spf1 a mx ~all |
Or use include: to include specific hosts or IPs, example:
v=spf1 include:mx.ovh.com include:ip4:1.2.3.0/21 ~all |
2) Add a TXT record (DMARC):
v=DMARC1; p=quarantine; pct=100; rua=mailto:support@yourdomain.com; ruf=mailto:support@yourdomain.com |
Or you can use p=reject to reject emails:
v=DMARC1; p=reject; pct=100; rua=mailto:support@yourdomain.com; ruf=mailto:support@yourdomain.com |
3) Check your domain name (e.g website.com) with these tools:
https://www.smartfense.com/en-us/tools/spoofcheck/
https://www.ipvoid.com/email-spoof-check/
Here is an example scan report for domain amazon.com:
Found SPF record: v=spf1 include:spf1.amazon.com include:spf2.amazon.com include:amazonses.com ~all SPF record contains an All item: ~all Found DMARC record: v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@bounces.amazon.com; ruf=mailto:dmarc-reports@bounces.amazon.com DMARC policy set to quarantine Aggregate reports will be sent: mailto:dmarc-reports@bounces.amazon.com Forensics reports will be sent: mailto:dmarc-reports@bounces.amazon.com Spoofing not possible for amazon.com |
4) Check DNS TXT/DMARC records of popular domains:
https://www.ipvoid.com/txt-lookup/
https://www.ipvoid.com/dmarc-lookup/
You can copy SPF and DMARC records or popular domains (e.g amazon.com).
Just make sure to edit them with your domain data.
Other Posts
- Set OpenVPN to Listed on a Specific IP Address
- Bash Trim Leading and Trailing Whitespace from a String
- Bash Get Name of Ethernet Network Interface
- VPN Providers with Dedicated Static IP Address
- OpenVPN Iptables Rules
- WireGuard VPN Iptables Rules
- How to Install WireGuard VPN in Debian 10 Buster
- Bash: No space left on device (inodes issue)
Updated Posts
- Add Desktop shortcut for all Windows PC users
- How to pass custom command-lien parameters in InnoSetup
- Programmatically create desktop icon with InnoSetup
- GeneratePress - a Lightweight WordPress Theme 2021
- InnoSetup disable DesktopIcon via command-line
- Use cURL to authenticate with JWT Bearer tokens
- Detect VMWare Virtual Machine
- Detect Microsoft Virtual PC Virtual Machine