Author: P.Holzmann (17 Mar 22 7:48pm)
I have a very old two-letter domain that's already a honeypot in some ways (SPF -all) --
* The domain is ONLY used for machine names
* Our mail server uses the domain, but NO email addresses use that domain :)
* Thus, there are no valid email addresses in the domain, and the domain never sends email.
When I turned on SPF and DMARC years ago, a lot of spammers were in the spotlight.
Due to that history, I sense I should create a subdomain for the official PHP.
But I'm wondering... I see NO information here about how to set up for compliance with modern email security:
What should we do?
* Set up -all SPF, or authorize one or more PHP servers?
* Set up DMARC? What settings?
* Obviously DKIM is not needed as a honeypot is not sending email
(Although I see a discussion of PHP servers emitting backscatter? That sounds like a bug.)
It seems to me that setting up DMARC provides a GREAT opportunity for PHP to capture email spoofers... which is a pretty large problem in reality.
Thoughts?
Pete