Reducing spam for other people via SPF DMARC DKIM and Google Apps

So I own several domains that spamers like to forge and I do not like that.  Most of them are hosted on Google Apps.  This is the short version of how to make most of the forged spam get properly discarded.

1. Generate the domain key for your domain

2. Add the public domain key to the DNS records for your domain, so that recipients can retrieve it for decrypting the DKIM header.
google._domainkey       3600 IN TXT   "v=DKIM1; k=rsa; p=MIGf...Really...Long...AQAB"

3. Turn on authentication to begin adding the DKIM header to outgoing mail messages.

4. Create an SPF record     3600 IN TXT   "v=spf1 ~all"

5. Tell people you put dkim on all messages and to discard everything that does not have one.
_adsp._domainkey        3600 IN TXT   "dkim=discardable"

6. Publish your DMARC record.  Depending on how busy your domain is, you will need to adjust your reporting.
_dmarc                  3600 IN TXT   "v=DMARC1; p=reject; pct=100;;;"

Check it all out:
dig -t TXT
dig -t TXT
dig -t TXT
dig -t TXT
Send an email to
Wait for responce:
SPF check:          pass
DomainKeys check:   neutral
DKIM check:         pass
Sender-ID check:    pass
SpamAssassin check: ham

No comments: