Are spammers impersonating your outgoing email address?



What are you going to do about it?

A few weeks ago we hosted Gyula Németh of bluefox.email and a few other email-based products for a Cloud War Games Tech Talk (it was a great talk and you should check it out). At the end Gyula strongly recommended setting the setting in the DMARC headers.

How it's set up:

You can achieve that with some Terraform code like the following:

resource "aws_route53_record" "schematical-com-ck3" {
  zone_id = aws_route53_zone.schematical_com.zone_id
  name    = "_dmarc.schematical.com"
  type    = "TXT"
  ttl     = 300
  records = [
    "v=DMARC1; p=quarantine; rua=mailto:xyz@schematical.com"
  ]
}

As a quick refresher, this is a DNS TXT record that receiving mail servers can use to decide what to do with emails that they believe are not coming from the actual sender. For example, if some malicious party was trying to send malicious emails from schematical.com, the above record would ask the receiver to quarantine (AKA mark as spam) the malicious email.

In addition, receivers send a report about the fraudulent email to the email address specified in the rua tag.
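To make sense of what arrives at the rua address, here is an added example (not code from the original post) that summarizes one DMARC aggregate report and lists the sources that failed DMARC. It assumes the RFC 7489 aggregate-report XML layout; the sample report, its IP addresses and the function name summarize_failures are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the RFC 7489 aggregate-report layout (not a real report).
SAMPLE_REPORT = """<feedback>
  <policy_published><domain>schematical.com</domain><p>quarantine</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>12</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
  </row></record>
  <record><row><source_ip>203.0.113.45</source_ip><count>7</count>
    <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
  </row></record>
  <record><row><source_ip>198.51.100.23</source_ip><count>3</count>
    <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
  </row></record>
  <record><row><source_ip>192.0.2.11</source_ip><count>2</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>pass</spf></policy_evaluated>
  </row></record>
</feedback>"""


def _text(element, tag):
    """Return the normalized text of a child element, or '' if it is missing."""
    return (element.findtext(tag) or "").strip().lower()


def summarize_failures(report_xml):
    """Return (published policy, [(source_ip, count, disposition), ...]) for DMARC failures."""
    root = ET.fromstring(report_xml)
    policy = (root.findtext("policy_published/p") or "none").strip().lower()
    failing = []
    for row in root.iterfind("record/row"):
        evaluated = row.find("policy_evaluated")
        if evaluated is None:
            continue  # malformed row: nothing to evaluate
        # DMARC passes when either aligned DKIM or aligned SPF passes,
        # so only rows where both failed are impersonation candidates.
        if "pass" in (_text(evaluated, "dkim"), _text(evaluated, "spf")):
            continue
        ip = (row.findtext("source_ip") or "unknown").strip()
        count = int(row.findtext("count") or 0)
        failing.append((ip, count, _text(evaluated, "disposition")))
    failing.sort(key=lambda item: item[1], reverse=True)
    return policy, failing


if __name__ == "__main__":
    policy, failing = summarize_failures(SAMPLE_REPORT)
    print(f"published policy: {policy}")
    for ip, count, disposition in failing:
        print(f"{ip}: {count} message(s) failed DMARC, receiver applied '{disposition}'")
```

Real reports usually arrive as gzip or zip attachments from third parties, so decompress them first and consider a hardened parser such as defusedxml for that untrusted XML.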

How it's going:

I didn’t take him as seriously as I should have. I figured my various websites were too tiny for spammers to target. Oh boy, was I wrong. I pushed that RUA header live and the fraudulent reports started flowing in. 10 a day some days.

Crazy, right?

Questions For You:

Do you have DMARC settings for your various email domains?

If so, how do you have them set up?

Are there any other DNS records we should be setting to protect ourselves from malicious parties pretending to be us?