The following is a list of sites that explain options to prevent email domain spoofing and information on email feedback loops (complaint feedback loops). Due to the changing nature of the internet these links make become invalid. As of April, 2023, these links were still active.
The following is information on SPF, DKIM and DMARC. These should be in place for an email domain to help minimize email spoofing. By having these in place it can help in determining who is sending in behalf of your organization/domain especially when you receive email abuse reports after subscribing to email feedback loops.
Sender Policy Framework (SPF)
- RFC 7208 on SPF: https://www.rfc-editor.org/rfc/rfc7208
- Information on SPF: http://www.open-spf.org
- What is Sender Policy Framework? https://www.validity.com/email-authentication/sender-policy-framework/
- Tool for looking up a SPF record: https://mxtoolbox.com/spf.aspx
- Tool to validate a SPF record: https://www.kitterman.com/spf/validate.html
Domain Keys Identified Mail (DKIM)
- RFC 6376 on DKIM: https://www.rfc-editor.org/rfc/rfc6376
- Information on DKIM: https://dkim.org/
- Additional information on DKIM: http://www.opendkim.org/
- Tool to check DKIM key: https://protodave.com/tools/dkim-key-checker/
- Tool to validate DKIM: https://dmarcian.com/dkim-validator/
- Tool to check DKIM: https://mxtoolbox.com/dkim.aspx
Domain-based Message Authentication Reporting and Conformance (DMARC)
- RFC on DMARC: https://www.rfc-editor.org/rfc/rfc7489
- Information on DMARC: https://dmarc.org/
- Tool to check DMARC: https://mxtoolbox.com/dmarc.aspx
Feedback Loops
The following are sites related to feedback loops. It includes links to sites to sign up for the service for that particular provider.
- RFC 6449 on Complaint Feedback Loops: https://www.rfc-editor.org/rfc/rfc6449.html
- RFC 6590 on redaction of sensitive information in mail abuse reports: https://www.rfc-editor.org/rfc/rfc6590.html
- Information on Email Feedback Loops: https://mxtoolbox.com/dmarc/email-feedback-loops
- Information on Google Feedback Loops: https://support.google.com/mail/answer/6254652?hl=en
- Google Postmaster Tools: https://support.google.com/mail/answer/9981691?hl=en&ref_topic=6259779&sjid=14916492755335664347-NA
- Yahoo Complaint Feedback Loop: https://senders.yahooinc.com/complaint-feedback-loop/
- Postmaster Services for Microsoft Live: https://postmaster.live.com/snds/JMRP.aspx
- Information on Email Feedback Loops with details on setup for different services: https://www.emailfeedbackloops.com/
- Feedback Loop service that covers over 30 different ISPs and ESPs: https://fbl.validity.com/
Abuse
The following are sites with information on reporting emails that you receive that are malicious or an abuse of the terms of service that originated from the ISP or ESP.
- Google: https://support.google.com/mail/contact/abuse
- Comcast/Xfinity: https://internetsecurity.xfinity.com/help/report-abuse
- Amazon AWS: https://repost.aws/knowledge-center/report-aws-abuse
- Microsoft: https://msrc.microsoft.com/report/abuse
- Yahoo: https://help.yahoo.com/kb/SLN26401.html
- Verizon: https://www.verizon.com/business/terms/abuse/
The following is a link to MX Toolbox which is a good source to have to check MX records or whether your site is on a blacklist: