
Non Email Sending Domains

Just because you don't use a domain to send email doesn't mean you don't need to protect it. For instance, let's say you own two domains, "AcceptPayments.example.com" and "MyStore.example.com". You're a busy store and a well-known brand that uses the email address "payments@acceptpayments.example.com" to process all the payments for sales at your popular store. Your store domain doesn't send any mail.

An email scammer comes along, notices how your business uses email, and realizes that you set up acceptpayments.example.com with all the latest RFC authentication methods (DKIM, DMARC, SPF, etc.) to help prevent email fraud. He then sees that you have another domain that's not configured to send mail. The scammer targets your non email sending domain by sending emails that spoof the from address "Payments@MyStore.example.com". When other mail servers go to validate those emails, they find that the domain doesn't have any authentication and mark the email as neutral, so it lands in your customers' inboxes, asking them to reset their password at a fake location. The customer thinks the email is from "MyStore.example.com", clicks the link, and proceeds to change their password on a site that's stealing your customers' passwords. This is one of many examples of email fraud committed on non email sending domains.

How do I prevent this email from being sent from my domain?

The answer is simple: you need to set up SPF policies on all your non email sending domains. To do that, you'll need to create a DNS entry.

Awesome, what syntax do I need to add to DNS?

Your SPF Record will look like this:

MyStore.example.com. IN TXT "v=spf1 -all"

The record above tells the incoming mail server that no server is authorized to send email for this domain, so it should reject all emails claiming to come from it.
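To check that every non email sending domain you own actually carries this record, the following added example (not code from Unlock The Inbox) classifies a domain's TXT records by SPF posture. The function names, status labels and the sample zone are assumptions made for illustration; in practice you would feed it the TXT answers from your own DNS lookups.

```python
# Added example: audit the SPF posture of domains that should never send mail.
# SAMPLE_ZONE is constructed data, not real DNS answers.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def audit_spf(txt_records):
    """Return a status label for a non-sending domain given its TXT strings."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "missing"      # no SPF record: receivers get the result "none"
    if len(spf) > 1:
        return "multiple"     # RFC 7208: more than one SPF record is a permerror
    terms = spf[0].lower().split()[1:]
    # Modifiers (redirect=, exp=) contain "="; this audit does not follow them.
    mechanisms = [t for t in terms if "=" not in t]
    authorizes = False
    for term in mechanisms:
        # A mechanism without a qualifier defaults to "+" (pass).
        qualifier, name = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if name == "all":
            result = QUALIFIERS[qualifier]
            if result != "fail":
                return "all-" + result        # ~all, ?all or +all: not a reject policy
            return "authorizes-senders" if authorizes else "locked"
        # Any non-fail mechanism before "all" lets some host send as this domain.
        authorizes = authorizes or qualifier != "-"
    return "no-all"           # record never reaches an "all" mechanism

SAMPLE_ZONE = {  # constructed records for illustration
    "mystore.example.com": ["v=spf1 -all"],
    "parked.example.com": ["site-verification=constructed-token"],
    "soft.example.com": ["v=spf1 ~all"],
    "legacy.example.com": ["v=spf1 mx -all"],
    "dup.example.com": ["v=spf1 -all", "v=spf1 ?all"],
}

def audit_zone(zone):
    """Map each domain to its SPF status."""
    return {domain: audit_spf(txt) for domain, txt in zone.items()}

if __name__ == "__main__":
    for domain, status in audit_zone(SAMPLE_ZONE).items():
        print(f"{domain:24} {status}")
```

Only the status "locked" matches the record shown above; every other status means the domain still needs attention.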

Source: Unlock The Inbox
Copyright © 2019 Unlock The Inbox