postmaster webmaster abuse etc
Question asked by Richard Frank - December 21, 2015 at 7:49 AM
Unanswered
there are a few obligated email addresses like abuse, postmaster
how do you solve that for the registered domain names without any more services
do you create a domain for every domain with the users
or do you create one domain with these users and add other domains with domain aliases?

3 Replies

Reply to Thread
0
With versions of SmarterMail priot to 14.X, we created an alias for postmaster, and an alias for abuse, for EACH hosted domain, and point the aliases back to our primary postmaster account on chicagonettech.com.

With the advent of SmarterMail 14.X, you can force postmaster@ all domains to the primary postmaster account, but must still create the abuse aliases for each domain.

Remember, you, as the MX operator, are 100% responsible for responding to postmaster and abuse queries, so, unless you want to end up being on spam and block lists, you should never assign those to customers for their actions.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
thanx for the tip Bruce,
but do you create an email domain for every domain you host? I have a few thousand 'sleeping' domains, with no site and no mail.
0
Per the IETF, you must have both POSTMASTER@, and ABUSE@, for every domain capable of sending and receiving e-mail.
 
If an e-mail is sent to one of those addresses, a human, of authority for the security of your MX server must respond to, and act upon, the issue. Abuse@ is important because it is commonly used to report phishing attacks and potential identity theft; eg:
 
[names masked in example text below to prevent spam filters, from blocking post.]
 
"An audit of your Ch^se (or W3lls F0rgiving" account indicates suspicious activities, and you must login, via the link below to update your information before you can continue to use your account."
 
When the user clicks on the link, they are usually taken to a look-alike link, usually PHP based, and they are either suckered into providing their personal information, like username and password, or bank, credit card, and other identify theft information.
 
When someone receives a message like this, they should IMMEDIATELY DELETE the message because no bank or credit card company will never send an e-mail with such a link.
 
Ideally, they will also copy the entire header and FORWARD the message, UNALTERED, with the mess header inserted prior to the original message before deleting the message and emptying their trash.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting

Reply to Thread