Advanced protection of your domains
Contents
Enable DNSSEC
Prevent abuse of domains that send/receive email
Prevent abuse of domains that do not send/receive email
Enable DNSSEC
Coming soon. Ask Customer Service.
Prevent abuse of domains that send/receive email
SPF
SPF has been set up per default in Bricksite Mail, but you can increase the protection level against email abuse by changing from ~all to -all at the very end of the SPF record.
DKIM
Must be set up through Customer Service.
DMARC on a single domain
_dmarc.maindomain.tld. 3600 IN TXT "v=DMARC1; p=reject; rua=mailto:mail@maindomain.tld; ruf=mailto:mail@maindomain.tld; fo=1;"
We recommend setting DMARC to p=reject; (or as the bare minimum p=quarantine;), which blocks spam and prevents abuse of your domain.
DMARC across multiple domains
If you have many domains you are able to synchronize the DNS–settings, which means you need only edit these settings once.
On all secondary domains the following record is set, which redirects to the main domain:
_dmarc.secondarydomain.tld. 3600 IN CNAME _dmarc.maindomain.tld.
On the main domain these two records need to be set up. This record is the only one which needs updating in future.
_dmarc.maindomain.tld. 3600 IN TXT "v=DMARC1; p=reject; rua=mailto:mail@maindomain.tld; ruf=mailto:mail@maindomain.tld; fo=1;"
*._report._dmarc.maindomain.tld. 3600 IN TXT "v=DMARC1;"
Prevent abuse of domains that do not send/receive email
MX
MX should be deleted completely, or filled with a single dot (.).
SPF
maindomain.tld. 3600 IN TXT "v=spf1 -all"
and
*.maindomain.tld. 3600 IN TXT "v=spf1 redirect=maindomain.tld"
DKIM
*._domainkey.maindomain.tld. 3600 IN TXT "v=DKIM1; p=;"
and
*._domainkey.*.maindomain.tld. 3600 IN CNAME dkim-reject._domainkey.maindomain.tld.
DMARC
_dmarc.maindomain.tld. 3600 IN TXT "v=DMARC1; p=reject;"
Updated on: 28/10/2021
Thank you!