Difference between revisions of "SPF+DKIM+DMARC"

From The Hive
Line 15: Line 15:
 
== DomainKeys Identified Mail ==
 
== DomainKeys Identified Mail ==
  
DKIM is implemented by a public key in another DNS TXT record.
+
DKIM is described in  [https://tools.ietf.org/html/rfc6376 RFC 6376] and implemented by a public key in another DNS TXT record. Here is the general gist of very simple possible example.
  
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
 
default._domainkey.example.biz.    86400 IN TXT    "v=DKIM1; k=rsa; p=verylongbase64encodedstring"
 
default._domainkey.example.biz.    86400 IN TXT    "v=DKIM1; k=rsa; p=verylongbase64encodedstring"
 
</syntaxhighlight>
 
</syntaxhighlight>
https://tools.ietf.org/html/rfc6376
 
  
 
== Domain-based Message Authentication, Reporting, and Conformance ==
 
== Domain-based Message Authentication, Reporting, and Conformance ==
  
 
https://tools.ietf.org/html/rfc7489
 
https://tools.ietf.org/html/rfc7489
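
Review bot: the sentence added to the DKIM paragraph, "Here is the general gist of very simple possible example.", is ungrammatical; something like "Here is a very simple example." says the same thing. Two further points in the surrounding context: the record is wrapped in <syntaxhighlight lang="bash"> although it is a DNS zone-file line rather than shell, and the DMARC section still holds only the bare RFC 7489 URL, so it could get the same inline-link treatment that this change gives RFC 6376.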

Revision as of 02:04, 5 February 2020

Correct mail configuration is especially important if you own a "biz" domain, to avoid having your email misinterpreted or misclassified as spam.

Sender Policy Framework

SPF is described in RFC 7208 and implemented as a DNS TXT record.

example.biz.            86400   IN      TXT     "v=spf1 a mx ~all"

Too short a time-to-live is often taken as an indicator of spamminess; the example above uses 86400 seconds (one day). The "biz" TLD itself uses 900 seconds, but that short value can be used to quickly revoke a spammer's domain.

The version was never updated from 1, but other tools were developed to be used in conjunction with SPF.

DomainKeys Identified Mail

DKIM is described in RFC 6376 and implemented by a public key in another DNS TXT record. Here is the general gist of a very simple example.

default._domainkey.example.biz.     86400 IN TXT    "v=DKIM1; k=rsa; p=verylongbase64encodedstring"
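
An added example, not part of the original wiki page: a small Python linter for the TXT data of the SPF and DKIM records shown above. The function names and the sample key are constructed for illustration, and the code does no DNS lookups; it only checks record strings you paste in.

```python
import base64
import binascii
import re

SPF_ALL = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(txt):
    """Return (result for senders no earlier mechanism matches, problems)."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None, ["record must start with v=spf1"]
    problems = []
    for i, term in enumerate(terms[1:], start=1):
        m = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if not m:
            continue
        result = SPF_ALL[m.group(1) or "+"]  # a bare "all" means "+all"
        if result == "pass":
            problems.append("+all authorizes every host")
        # Heuristic: terms without "=" are mechanisms, not modifiers.
        if any("=" not in t for t in terms[i + 1:]):
            problems.append("mechanisms after 'all' are never tested")
        return result, problems
    # No "all": RFC 7208 defaults to neutral (redirect= is not followed here).
    return "neutral", ["no 'all' mechanism"]

def check_dkim_key(txt):
    """Return a list of problems in a DKIM key record (RFC 6376 section 3.6.1)."""
    tags, order = {}, []
    for part in filter(None, (p.strip() for p in txt.split(";"))):
        name, sep, value = part.partition("=")
        if not sep or name.strip() in tags:
            return [f"malformed or duplicate tag: {part!r}"]
        tags[name.strip()] = "".join(value.split())  # drop folding whitespace
        order.append(name.strip())
    problems = []
    if "v" in tags and (order[0] != "v" or tags["v"] != "DKIM1"):
        problems.append("v= must come first and equal DKIM1")
    if tags.get("k", "rsa") not in ("rsa", "ed25519"):  # ed25519: RFC 8463
        problems.append("unknown key type in k=")
    if "p" not in tags:
        problems.append("missing required p= tag")
    elif tags["p"] == "":
        problems.append("empty p= means the key has been revoked")
    else:
        try:
            base64.b64decode(tags["p"], validate=True)
        except binascii.Error:
            problems.append("p= is not valid base64")
    return problems

# Constructed sample: the bytes below are filler, not a real RSA public key.
SAMPLE_KEY = "v=DKIM1; k=rsa; p=" + base64.b64encode(b"constructed filler bytes").decode()
```

Run against the page's own records, the SPF line is reported as a softfail policy with no problems, while the DKIM placeholder string is flagged because it is not decodable base64; a real record carries the encoded public key there.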

Domain-based Message Authentication, Reporting, and Conformance

https://tools.ietf.org/html/rfc7489