When I have done all I can with DMARC, DKIM and SPF. have I only hardened mail going out from my domain? Can I refuse reception of mails coming from sites not setup properly with DMARC? I get mails from spoofers and spammers allthough I get a good classification when testing on different sites for my own domain. Or have I missed a setting somewhere in ISPC? I'm only running 2 servers of which only one is having e-mail server active. I'm just serving my own mail and family members. So I'm not using it big scale, but is curious and want to do it right. Occasionally I take the header of one of the mails getting through and analyze it at for instance https://mxtoolbox.com/ where they analyze the header. And it clearly reports that the sender email does not comply to SPF. Shouldn't it then be possible to refuse reception of it alltogether?
DMARC, DKIM, and SPF are all for outgoing mail. For incoming mails, you can configure your spamfilter and tweak the scores/learn ham/spam. Are you using rspamd or amavis?
That is not entirely correct. You can enforce SPF reducing complaints or mailer daemons in the inbox Also for DMARC/DKIM one can specify strict rule. This greatly reduces some sort of spam you get from spammers using your domain. Like they will use [email protected], spoofed to send to some known addresses of @yourdomain.de If the setting on DNS is relaxed or in testing mode, it'll pass. For DKIM watch out for: t=y And for SPF check if you use ~ or - in your DNS
But you should be aware that manually enforcing e.g. DMARC will also cause the loss of some legit emails. I would recommend adjusting the spam filter levels if you feel that too much spam slips trough, as the spam filter is using a weighted approach for Dmarc, spf, dkim, Bayes filters etc. to achieve a good result while trying to avoid blocking valid emails.
@Th0m: I'm using Rspamd. I think I will have to look for clues in the manual to find out how to filter better for spam.
How did you configure your spam policy and did you assign the policy to the domain? Is the mailbox inheriting the policy from the domain or configured to use a different policy?
