Spam from my domain - ORF Forums

Spam from my domain RSS Back to forum

1

Comes spam from himself or from another existing mailbox in our domain @ domain.ru How to block this? Spf, dkim, dmarc installed, letters still reach our mail server allegedly from us

by bnefedov 5 years ago
2

sometest (like https://www.smtper.net/ )
im recive email from to

by bnefedov 5 years ago
3

@bnefedov: Hello bnefedov,

If you have a syntactically valid DMARC (TXT) record published for your domain in the DNS zone file of "_dmarc.domain.ru", and a valid SPF record for "domain.ru" then ORF should block these "self-spam" emails.

Note, however, that if your domain has a "p=none" policy in its DMARC record (i.e. you are still testing DMARC), ORF will not blacklist the spoofed emails by default. You can change this by removing the checkmark from the "Take not action if a 'p=none' policy is discovered" option, in the DMARC Test Settings dialog, or, by replacing the "p=none" policy with a "p=reject" or "p=quarantine" policy in the DMARC record of your domain.

You should also make sure that the emails in question were not "whitelisted" due to some configuration error: Start the ORF Log Viewer, load the log file from the day of the incident, then look for the spoofed emails (Ctrl + F / Ctrl + Shift + F) and check the information in the "Message" column. If the emails were "whitelisted", copy-paste the event message into your reply and I will tell you how to fix the issue.

by Daniel Novak (Vamsoft) 5 years ago
(in reply to this post)

4

This is how we block emails that say they are from our domain but didn't come from our server.

Create a Keyword blacklist.
Select Email header (raw MIME)
Under filter expression, keyword will be:
.*^From:[^\r\n]*\b[^\r\n]*@domain\.ru\b[^\r\n]*\s$
Select "regular expression"

We have had this implemented for years and works great.

by jean.davis 4 years ago
5

@bnefedov: contact your provider

by richiamelou 4 years ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2