SPF, DKIM and DMARC
November 26, 2016 — 23:39

Author: silver  Category: other  Comments: Off

Prevent email-spoofing, phishing and spam by setting these DNS TXT Records.

Send Policy Framework (SPF):

domain.com. IN TXT "v=spf1 a mx include:domain.com ~all"

DomainKeys Identified Mail (DKIM):

Generate public/private key with opendkim-tools.

$ opendkim-genkey --bits=2048 --domain=domain.com --verbose

Use the private key for your mailserver, eg postfix.
Use public key for the TXT record (“1234+ABc/dEF"):

_domainkey.domain.com. IN TXT "o=-"
default._domainkey.domain.com. IN TXT "v=DKIM1; g=*; k=rsa; p=1234+ABc/dEF;"

Domain-based Message Authentication, Reporting and Conformance (DMARC):

_dmarc.domain.com IN TXT "v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]"

Testing: