revlis.nl
Stash of notes about OSS, OSes, virtualization, dev hobby projects &c
November 26, 2016 — 23:39
Author: silver Category: other Comments: Off
Prevent email-spoofing, phishing and spam by setting these DNS TXT Records.
Send Policy Framework (SPF):
domain.com. IN TXT "v=spf1 a mx include:domain.com ~all"
DomainKeys Identified Mail (DKIM):
Generate public/private key with opendkim-tools.
$ opendkim-genkey --bits=2048 --domain=domain.com --verbose
Use the private key for your mailserver, eg postfix.
Use public key for the TXT record (“1234+ABc/dEF
"):
_domainkey.domain.com. IN TXT "o=-" default._domainkey.domain.com. IN TXT "v=DKIM1; g=*; k=rsa; p=1234+ABc/dEF;"
Domain-based Message Authentication, Reporting and Conformance (DMARC):
_dmarc.domain.com IN TXT "v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]"
Testing:
- http://pastebin.com/kqGX2NGH (
dkim_verify.pl
) - https://mxtoolbox.com
- https://www.mail-tester.com