Git/email-toolbox-wiki
1
0
Fork 0
mirror of https://github.com/internetstandards/toolbox-wiki.git synced 2025-11-03 23:35:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

parked domain update

Browse Source
This commit is contained in:
Dennis Baaten
2020-05-27 11:21:20 +02:00
parent 6da0fac640
commit bb6a01d319
2 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
SPF-how-to.md
View File

@@ -28,7 +28,7 @@ Our current e-mail infrastructure was originally designed for any mail sending h
* The sender address shown to the user ("RFC5322.From") is not used when authenticating. SPF uses the invisible "RFC5321.MailFrom" header. Combining SPF with DMARC removes this disadvantage.
* E-mail forwarding is not supported, since the e-mail is often forwarded by another e-mail server.
* SPF does not work between domains that use the same e-mail server.
* Parked domains should be explicitly configured to not use e-mail. For SPF this is done with an empty policy and a hard fail: "v=spf1 all".
* Parked domains should be explicitly configured to not use e-mail. For SPF this is done with an empty policy (not mentioning any ip-adresses or hostnames which are allowed to send mail) and a hard fail: "v=spf1 all".
* When processing incoming mail we advise to favor a DMARC policy over an SPF policy. Do not configure SPF rejection to go into effect early in handling, but take full advantage of the enhancements DMARC is offering. A message might still pass based on DKIM.
* At the same time, be aware that some operaters still allow a hard fail (-all) to go into effect early in handling and skip DMARC operations.

13
parked-domain-how-to.md
View File

@@ -1,3 +1,14 @@
- [Introduction](#introduction)
- [What is a parked domain?](#what-is-a-parked-domain-)
* [Domain without e-mail](#domain-without-e-mail)
+ [Null MX](#null-mx)
+ [DMARC](#dmarc)
+ [DKIM](#dkim)
+ [SPF](#spf)
* [Domain without a website](#domain-without-a-website)
<small><i><a href='http://ecotrust-canada.github.io/markdown-toc/'>Table of contents generated with markdown-toc</a></i></small>
# Introduction
This how-to is created by the Dutch Internet Standards Platform (the organization behind [internet.nl](https://internet.nl)) and is meant to provide practical information and guidance on explicitly configuring a parked domain not to use e-mail.
@@ -18,10 +29,12 @@ Set DMARC policy to reject mails, but allow reporting to take place. This helps
`_dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:rua@example.nl; ruf=mailto:ruf@example.nl`
### DKIM
When used with a wildcard selector, setting an empty public key indicates that all previously used keys are revoked and must be considered unreliable. The owner of a domain can also use this to explicitly signal that a domain is not configured to use e-mail. See our [DKIM how-to](https://github.com/internetstandards/toolbox-wiki/blob/master/DKIM-how-to.md) for more information.
`*._domainkey IN TXT "v=DKIM1; p="`
### SPF
Set an an empty policy (not mentioning any ip-adresses or hostnames which are allowed to send mail) and a hard fail.
`example.nl IN TXT "v=spf1 all"`