Anti-spoofing for Custom Domains (SPF, DKIM & DMARC)
Need Answer
Does mailbox.org offer anti-spoofing options for custom domains? I can find no information about this on the help pages. Other privacy-oriented providers, e.g. protonmail, do offer this (see here: https://protonmail.com/support/knowledge-base/anti-spoofing/).
Mailbox.org should make information about SPF, DKIM and DMARC easy to find.
Hi there and thanks for hanging in there with us. We totally get the challenges you and other users are facing with implementing anti-spoofing measures for custom domains on mailbox.org.
Just to let you know, it's definitely on our radar, but it needs careful planning and thorough checking of all security aspects.
Additionally, SPF settings are being honored and DMARC settings are a huge factor in our spam recognition. While we don't honor DMARC at 100% right now, we do take it into account.
Rest assured, we're committed to this and grateful for your continued support and understanding.
Best regards from your mailbox.org-Team!
You can always just check the DNS Records yourself.
Short answer: Yes, mailbox.org uses SPF, DKIM and DMARC.
Long answer: Everyone can send emails in your name anyway. The mailbox.org SMTP servers do not check if you spoof your From address. See this discussion in the German forum: https://userforum.mailbox.org/topic/mailbox-org-smtp-server-stellt-mails-mit-gefakten-absender-zu
Gmail's antispam system uses DKIM and DMARC. If I send an email with my custom domain to a Gmail user, it may be redirected to spam.
The easy way is to use openssl and generate your private and public keys with this:
If you want a 2048-bit key, replace "1024" with "2048".
With a TXT record you have to add:
SPF is easy and documented in the support section of the mailbox.org site: just add in a TXT record: v=spf1 include:mailbox.org and leave the host empty.
DMARC is just a string; you don't have to generate anything. Again, in a TXT record put:
(You can create an alias just for DMARC like reports-dmarc@yourdomain.TLD)
You can find openssl for every GNU/Linux distro and also on Windows I think.
Hope this helps you.
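Added example, not part of the post above and not mailbox.org's own procedure: the key generation and the three TXT records that the post describes, written as a shell script. The selector sel1, the domain example.org, and the DMARC policy and report address are placeholders chosen for illustration; the SPF value is the one quoted in the post.

```shell
#!/usr/bin/env bash
# Added example. Placeholders (assumptions): selector "sel1", domain
# "example.org", and the DMARC policy/report address in print_records.

# Generate an RSA key pair. $1 = key size in bits, $2 = output file prefix.
gen_dkim_key() {
    openssl genrsa -out "$2.private.pem" "$1" 2>/dev/null &&
        chmod 600 "$2.private.pem" &&   # the private key never goes into DNS
        openssl rsa -in "$2.private.pem" -pubout -out "$2.public.pem" 2>/dev/null
}

# Build the DKIM TXT value from a PEM public key: strip the BEGIN/END lines
# and join the base64 body into one string for the p= tag.
dkim_txt_value() {
    printf 'v=DKIM1; k=rsa; p=%s' "$(grep -v '^-----' "$1" | tr -d ' \r\n')"
}

# A single TXT string holds at most 255 bytes, and a 2048-bit key exceeds
# that, so split the value into quoted chunks that resolvers concatenate.
txt_chunks() {
    printf '%s\n' "$1" | fold -w 255 | sed 's/.*/"&"/' | paste -sd ' ' -
}

# Print the three records. $1 = domain, $2 = selector, $3 = public key PEM.
print_records() {
    printf '%s._domainkey.%s. TXT %s\n' "$2" "$1" "$(txt_chunks "$(dkim_txt_value "$3")")"
    printf '%s. TXT "v=spf1 include:mailbox.org"\n' "$1"   # SPF value as quoted in the post
    printf '_dmarc.%s. TXT "v=DMARC1; p=none; rua=mailto:reports-dmarc@%s"\n' "$1" "$1"
}

# Usage: gen_dkim_key 2048 sel1 && print_records example.org sel1 sel1.public.pem
```

The DKIM record only takes effect if the sending server signs with the matching private key and selector.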
I'm happy to say that the mailbox.org team added DKIM and DMARC support.
All the info is in the knowledge base. You can check it here: https://kb.mailbox.org/display/MBOKBEN/Using+e-mail+addresses+of+your+domain
There's a detailed explanation of how to add DKIM with your domain.
Hope that is helpful.
Hi,
BUMPING this topic.
It looks like anyone with a valid mailbox.org account can send mail with a domain configured on mailbox.org.
E.g. with your account toto@mailbox.org you can send an email as bidule@adomainname.com if adomainname.com is configured by another mailbox.org user on mailbox.org.
If you try to spoof an address <something@mailbox.org>, it's rejected.
I found this topic while looking into DMARC.
I have two mailbox.org accounts, for different purposes. I tested by configuring Thunderbird to use my first account and spoof a random address @mailbox.org and randomadress@mydomain on my 2nd account.
I checked the result in a test Gmail address.
I would like to know what I need to configure to avoid that on mailbox.org. Is DMARC the way to go?
For now I have only SPF & DKIM configured.
I read a little bit of the answer (https://userforum.mailbox.org/topic/mailbox-org-smtp-server-stellt-mails-mit-gefakten-absender-zu) with a translator, but I don't get everything, as I don't read German.
Why has this not been resolved?
Can we get updates regarding the anti-spoofing fix?
At the moment SPF/DKIM/DMARC settings are ignored inbound from mailbox.org; I can receive spoofed emails from any domain either on my custom domain or mailbox.org aliases.
I can understand the issues described by staff in previous posts, but it's been over two years and we're not talking about implementing a new interface theme or adding optional features; this is a basic security measure that any normal email provider has.