[tor-relays] Protecting your domain's reputation
Felix Eckhofer
felix at tribut.de
Tue Aug 19 18:06:43 UTC 2014
Hey.
Am 19.08.2014 17:51, schrieb JusticeRage:
> The good news is, there is something you can do about it. This is
> exactly what Sender Policy Framework [1] was created for. Long story
> short, this is some information you can put in your DNS to indicate
> which machines are allowed to send e-mails for the domains, and which
> are not (hint: the exit node should not be listed in there).
You should consider adding a DMARC record as well (with the "reject"
policy). This is a somewhat more recent standard that allows you to
explicitly drop emails which do not have a DKIM signature for your
domain and/or fail SPF checks. Most of the "big" email companies seem to
respect DMARC now. See http://www.dmarc.org for details.
felix
More information about the tor-relays
mailing list