Heads-up, internet domain owners!
Dec. 21st, 2024 01:14 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
soniaMastodon post: Important reminder, if you own a domain name and don't use it for sending email. by Jerry Lerman. Click through for the full discussion, but here's a summary.
I have to do this for some of my domains, but changing these settings is intimidating. I suppose if I'm not using those domains for email it can't do any harm... I found a how to guide for cpanel. And once I logged in to cpanel and looked at the Zone Editor, my settings are already reasonable, whew.
@themoonisacheese@sh.itjust.works says
There is nothing to stop scammers from sending email claiming to be coming from your domain. And the older it gets, the more valuable it is for spoofing. It could eventually damage your domain's reputation and maybe get it blacklisted, unless you take the steps to notify email servers that any email received claiming to come from your domain should be trashed.
Just add these two TXT records to the DNS for your domain:
TXT v=spf1 -all
TXT v=DMARC1; p=reject;
I have to do this for some of my domains, but changing these settings is intimidating. I suppose if I'm not using those domains for email it can't do any harm... I found a how to guide for cpanel. And once I logged in to cpanel and looked at the Zone Editor, my settings are already reasonable, whew.
@themoonisacheese@sh.itjust.works says
This is overall best practices and overall correct (as in: you should probably do this, and it will never hurt), but realistically any domain that doesn’t at least have an SPF record will be already treated as unable to send mail at all by any properly configured receiving server, especially ones that would report you to a blocklist.
This isn’t bad advice regardless, just a bit redundant.
