Welcome to the mailbox.org user forum!
 
New Topic
Properties
Category Password and Security
Tags domains, SPF, DKIM, spoofing, spam, dmarc

Anti-spoofing for Custom Domains (SPF, DKIM & DMARC)

2153638 shared this question 3 years ago
Need Answer

Does mailbox.org offer anti-spoofing options for custom domains? I can find no information about this on the help pages. Other privacy-oriented providers, e.g. protonmail, do offer this (see here: https://protonmail.com/support/knowledge-base/anti-spoofing/).


Mailbox.org should make information about SPF, DKIM and DMARC easy to find.

20 The same question

Comments (5)

photo
1
Thomas91 2 years ago

You can always just check the DNS Records yourself.


Short anwer: Yes, mailbox.org uses SPF, DKIM and DMARC.

Long answer: Everyone can send Emails in your name anyway. The mailbox.org SMTP servers do not check if you spoof your from address. See this discussion in the german forum: https://userforum.mailbox.org/topic/mailbox-org-smtp-server-stellt-mails-mit-gefakten-absender-zu

Reply
photo
1
4380628 2 years ago

Gmail antispam system uses DKIM and DMARC. If I send an email with my custom domain to a Gmail user that will may be redireced to spam

Reply
photo
1
A4 7 months ago

I actually have this exact problem. Using Mailbox with custom domain and some of my mail is marked as spam by default on Gmail. The weird thing is that not for all Gmail recipients, but only for some.

Any idea how to resolve this?

photo
1
Odin 7 months ago

I have the same problem, I'm using every method available to increase authenticity of my own domain's email to avoid spam filters, but Mailbox's ip addresses are blacklisted at some anti-spam organizations. I emailed support about this and they responded that they're working on resolving this.

photo
1
3292338 7 months ago

Yes. Also heard of it. They’re working on their outbound structure to solve those issues.

Hopefully it will work.

photo
1
A4 5 months ago

Following this article: https://kb.mailbox.org/display/MBOKBEN/Using+e-mail+addresses+of+your+domain (namely DKIM and DMARC) resolved my issue. All mails are now successfully delivered.

photo
photo
3
2134711 14 months ago

The easy way is to use openssl and generate your private and public keys with this:


  1. openssl genrsa -out private.key 1024
  2. openssl rsa -in private.key -pubout -out public.key

If you want a 2048 bit key change "1024" with "2048".


With a TXT record you have to add:


  • dkim._domainkey.yourdomain.TLD as a host name (change "dkim" with everything you want e.g. "default, key1" etc).
  • in the value part v=DKIM1; k=rsa; p=your/generated/key


The SPF it's easy and reported in the support section of mailbox.org site, just add in a TXT record: v=spf1 include:mailbox.org and leave the host empty.


DMARC it's just a string, you don't have to generate nothing, again in a TXT record put:


  • _dmarc in the host part
  • v=DMARC1; p=none; rua=mailto:youraddress@yourdomain.TLD

(You can create an alias just for DMARC like reports-dmarc@yourdmain.TLD)


You can find openssl for every GNU/Linux distro and also on Windows I think.

Hope this helps you.

Reply
photo
1
4380628 14 months ago

In order to use DKIM private key should be saved on mail server and public key in TXT record as shown above. It's impossible to setup DKIM by yourself without Mailbox.org support.

photo
2
2134711 14 months ago

True, I was wrong.

It's not working in our scenario, because we don't have backend access to mailbox.org servers.

So, the previous post was wrong, unless you have your own server or a cloud VPS and running Postfix, Dovecot etc by yourself.

photo
photo
2
2134711 13 months ago

I'm happy to say that the mailbox.org team added DKIM and DMARC support.

In the knowledge base there are all the info. You can check it here https://kb.mailbox.org/display/MBOKBEN/Using+e-mail+addresses+of+your+domain

There's a detailed explanation of how to add DKIM with your domain.

Hope that is helpful.

Reply
photo
1
4464014 13 months ago

Wonderful! What is `_domainkey` in the DKIM section, though? Is the the subdomain or the content of the TXT record in the SPF part?

photo
2
2134711 13 months ago

No, it's a standard for DKIM key records.

You have to literally write MBO0001._domainkey on your TXT record, in the subdomain section.

If you check other providers it could be like google1234._domainkey or yahoo1234._domainkey.

So, ._domainkey it's the standard part. The name of the key is the part before.

photo
1
4464014 13 months ago

Ahh, stupid me! Thanks a lot!

photo
photo
1
Thom 43 days ago

Hi,

BUMPING this topic.

it's look like anyone with a valid mailbox.org account can send mail with domain configured on mailbox.org

E.G. Your account : toto@mailbox.org you can send an email as bidule@adomainname.com if a adomainname.com is configure by another mailbox.org user on mailbox.org,

If you try to spoof an address <something@mailbox.org> It's rejected.

I find this topic looking about DMARC.

I've two mailbox.org account, for different purpose. I tried by configuring Thunderbird to use my first account and spoof random address @mailbox.org and randomadress@mydomain on my 2nd account

I check the result in a test gmail address.

I would like to know what I need to configure to avoid that on mailbox.org, is DMARC the way to go?

For now I've only SPF & DKIM configured.

I read a little bit (https://userforum.mailbox.org/topic/mailbox-org-smtp-server-stellt-mails-mit-gefakten-absender-zu) answer with a translator but I don't get everythings, as I don't read german.

Reply
Leave a Comment
 
Attach a file
© 2018 mailbox.org