Earlier today I received a few notifications of bounced mail from Google. This was odd seeing as how I hadn’t sent any mail to Google in a while. Upon further inspection, the messages originated from an application running on one of my servers. These were password reset messages destined to a real user but were rejected because I hadn’t properly setup SPF and DKIM for this domain and Google had kindly rejected the messages based on my DMARC policy of reject.
I’ve talked about e-mail server security in a previous post and it clearly worked in this case. A quick fix on my server and to a DNS entry fixed this problem, but I wondered if there were other messages that had been rejected recently that I wasn’t aware of.
I use Mailhardener to collect all my security reports regarding e-mail. Reviewing the last few weeks showed that a few Chinese servers had been trying to send mail using my aehe.us domain but had been thwarted by my DMARC policy. The fact that the policies I have in place kept these spam messages out of circulation is a testament to how far we’ve come with easily deployable authentication mechanisms that should be common place on the Internet today.