revlis.nl

November 26, 2016 — 23:39

Author: silver Category: other Comments: Off

Prevent email-spoofing, phishing and spam by setting these DNS TXT Records.

Send Policy Framework (SPF):

domain.com. IN TXT "v=spf1 a mx include:domain.com ~all"

DomainKeys Identified Mail (DKIM):

Generate public/private key with opendkim-tools.

$ opendkim-genkey --bits=2048 --domain=domain.com --verbose

Use the private key for your mailserver, eg postfix.
Use public key for the TXT record (“1234+ABc/dEF"):


_domainkey.domain.com. IN TXT "o=-"
default._domainkey.domain.com. IN TXT "v=DKIM1; g=*; k=rsa; p=1234+ABc/dEF;"

https://support.google.com/a/answer/174124?hl=en
http://dkimcore.org/tools/keycheck.html

Domain-based Message Authentication, Reporting and Conformance (DMARC):
_dmarc.domain.com IN TXT "v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]"

http://www.kitterman.com/dmarc/assistant.html
https://dmarcian-eu.com

Testing:

http://pastebin.com/kqGX2NGH (dkim_verify.pl)
https://mxtoolbox.com
https://www.mail-tester.com