Hey everyone! I'm stepping into the IT role at my small company, and we've owned our primary domain, XYZ.com, since 2015, where we've set up everything like M365 and Google Workspace. Recently, I decided to purchase additional domain extensions (like XYZ.pt and XYZ.it) to protect our business and clients from phishing and spam. My question is: do I just need to buy these domains, or should I also configure them in Microsoft Exchange as our own domains? Thanks for any insights!
1 Answer
Make sure you've set up SPF, DKIM, and DMARC to really secure those domains! Something like `v=spf1 -all` for SPF, and for DKIM and DMARC, you might want to use these formats: `*._domainkey.example.com v=DKIM1; p=` and `v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s`. Cloudflare offers helpful guides on this, so check it out! This way, any emails from those new domains can be accurately flagged as spoofed and filtered out.
That was my plan! I wasn't sure if just owning the domains would be enough for protection. Thanks for the clarification!