Hacker News new | ask | show | jobs
by aepiepaey 2702 days ago
Just to make it clear, is this true if you use your own domain, or just if you use any of Fastmail's domains?
1 comments
Riverheart 2702 days ago
Seems to be just Fastmail domains but there might be some setup involved for custom domains. See their docs

https://www.fastmail.com/help/technical/senderauthentication...

link
bscphil 2702 days ago
If I understand this correctly, you need to be managing your own DNS (not letting Fastmail do it), and you probably need to set p=reject in your DMARC so that non-fastmail servers can't spoof your addresses.

And if Fastmail allows Fastmail user A to spoof Fastmail user B, then the above still only protects you against non-Fastmail customers.

link
eggsampler 2702 days ago
I have received a spoofed email from my own domain, so I believe it's not just Fastmail domains but any custom domain on an account.
link
Riverheart 2702 days ago
Do you host your custom domain with Fastmail? I may have misread but the article seemed to suggest you could potentially setup dmarc via the DNS page or whoever you host with.
link