Post AoOp4l4ZbMOPGQQhkW by hanno@mastodon.social
 (DIR) More posts by hanno@mastodon.social
 (DIR) Post #AoOp4jBEdcX7OVWzr6 by hanno@mastodon.social
       2024-11-25T08:51:21Z
       
       0 likes, 1 repeats
       
       Dear everyone who owns domains that are *not used for e-mail*, particularly ones that are potential targets for phishing (banks, high-profile names): Could you please configure SPF+DMARC, ideally with p=reject? You may wonder: Why should I configure anything email for a host that isn't used for email? Well... it helps others to identify spam sent with your domain as the sender.
       
 (DIR) Post #AoOp4l4ZbMOPGQQhkW by hanno@mastodon.social
       2024-11-25T08:53:16Z
       
       0 likes, 0 repeats
       
       I'm seeing lots of spam lately either from domains that have [easytoremembername].com and end up being domains for sale, or, today, a flood of [name of bank].de, which belongs to the bank, but is probably not used by them for email. All without DMARC.I don't recommend p=reject for actually used domains, but for domains that are *unused for email*, you have no deliverability problem, you want non-deliverability for all mails with that sender.
       
 (DIR) Post #AoOphMRh69lYB6eSWG by p
       2024-11-25T11:20:12.021945Z
       
       1 likes, 0 repeats
       
       @hanno If you get an email asking for bitcoin for a domain with no MX record or SPF record or DKIM from a Bangladeshi cell phone carrier's address space, I don't think setting an SPF record will tip the scales.The vast majority of spam that lands on my mail server comes from Google, Mailchimp, SendGrid, and that's about 90% last time I checked.  The other 10% is from some random .best or .icu or whatever domain, and the spammers set up a valid SPF record.  Domains with no SPF record are roundoff error.