Dnia 25.11.2025 o godz. 21:57:16 Dmitriy Alekseev via Postfix-users pisze: > Sure, just configure strict SPF, sign all emails with DKIM & configure > DMARC as p=reject sp=reject
That assumes all the servers that are currently sending bounces check DMARC and will reject messages that fail DMARC. There's no guarantee they do. Answering the OP's question, in general there is no way to block some bad actor's server to impersonate you and send mail in your name to some other server, because the mail is exchanged between two third parties - you are neither (actual) sender nor recipient, so you have no way to interfere with this process. Setting DMARC as per above suggestion may cause servers *that honor DMARC setting* (as this decision is entirely up to the receving end's configuration) to reject messages that impersonate you. But I suspect this may not be the case with the particular servers you are receiving bounces from, exactly because *they send bounces*, which inidicates they are probably misconfigured. Properly configured server should outright reject a message it can't deliver, not later send bounces to the sender. If they send bounces because they can't deliver message, there's quite high probability that even if they check DMARC, in case of DMARC failure they will also send bounces instead of rejecting the message. Which won't improve your situation in any way. Do I understand correctly that these bounces come to random addresses in your domain? If yes, why are you accepting them? You should accept only messages to addresses that actually exist, and reject all else. That *can* largely reduce the amount of bounces you are getting. -- Regards, Jaroslaw Rafa [email protected] -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
