Spoofed email - how to avoid them


I’d like to understand how configure my own server to never get e-mails from an account at my own domains.
So if my domain is @jader.my nobody can send any e-mail saying they are me@jader.my (or should use authentication to do it!).
I have configured SPF and DMARC (not sure about DKIM), but nothing stop spammers.
I don’t care if they can send e-mails to anyone else saying they are myself, but MY OWN SERVER should never accept that kind of e-mail (neither should ANY really well configurated e-mail server).
If I say SPF about who can send e-mail , any SMTP receiving shoud say SORRY CANNOT GET EMAIL from you, you FAILED on SPF test.
We need to tight configure the SMTP server to do not allow bad guys to spoof e-mails.
If someone else is misconfigured that’s someone else problem, I just cannot get them more!

Can someone help me to get a RELLY TIGHT configuration of SMTP on NS7?




If someone sends someone else’s mail with your domain name in the sender’s name, this does not mean that they have sent it from your mail server. He is just trying to create the impression and thus deceive the recipient.

However, you cannot effectively prevent this. You can try to instruct the receiving servers to treat mails that do not really come from your server as junk. SPF is the key to this, and DMARC/DKIM/DNSSec/DANE increase the authenticity of your server.

Some links:



Hi Marko

Thanks by your answer, and sorry my delay to answer you.
I’m aware I cannot make others comply with my way of thinking.
I’m looking for BEST PRACTICES to implement on my own NS7 to get maximum security on my e-mail server.
I wish never receive an e-mail from @my-own-domain when it came from an non-authenticated user.
I wish my SMTP never accept a connection from someone else saying it has e-mails from @my-own-domain to delivery.
I wanna to make my own server to respect SPF, DKIM, DMARC and any other best practices for my own domain and all other domains.
So if someone-else-domain publish SPF I’d like to verify and comply with “~a” or “-a” option from SPF record. The same for all others options (DMARC, DKIM, …)