SPF record for similar domains to NOT allow emails?

rmorin · May 6, 2020, 12:08pm

Hello all…

We have had in the past i will call them “Bad People” registering similar domain names to the company I work for and send out phishing emails asking for bank info, they almost succeeded, was way too close.

So i went and bought all the similar domain names that i could get in order to stop others from doing so. So now i have about 20 similar domains but want to create a SPF record that indicates NOT to allow any emails from these domains. Is there a simple way to do this?

Thanks and to all a safe day!

Rob Morin
Montreal, Canada

opvind · May 17, 2020, 1:38pm

Defensively buying and securing similar domain names is a game of Whack-a-Mole, but you should set a SPF record allowing no sending servers:
text= “v=spf1 -all”,
and a DMARC policy of reject:
_dmarc text= “v=DMARC1; p=reject;”
Add rua and maybe ruf mail address(es) to the DMARC record if you wish to monitor attempted abuse.

Topic		Replies	Views
Question about mail servers and DMARC Technical Help	4	983	November 6, 2021
Help to understand threat categorization Technical Help	1	709	July 27, 2020
~all SPF record with include still REJECTED	4	1841	September 2, 2019
What kind of DMARC policy for unused domains? Technical Help	3	925	October 28, 2020
Someone spoof my domain email Technical Help	6	1415	May 14, 2022

SPF record for similar domains to NOT allow emails?

Related Topics