SPF, DKIM, and DMARC: the "big three" mail verification records скачать в хорошем качестве

SPF, DKIM, and DMARC: the "big three" mail verification records

I've touched on SPF briefly in my past video on setting up SMTP relay (still one of the most watched videos I've ever uploaded!). But SPF is really only one of the "big three" records that you should have in DNS to support a modern-day email system. The other two records you should have are DKIM and DMARC. What these all are, and how they work differently from or in conjunction with the others, is what we're talking about today! EXTRA CREDIT: If your SPF record is hitting that limit of 10 total DNS hostname lookups, then you might need to either list IP addresses directly, or split some of your outbound mail into different subdomains. If you have a separate SPF record for marketing.example.org, that SPF record can have a different set of allowed sources than the main example.org, and that means you can have a different 10 lookups from the main set. Most configuration guides will suggest "~all" for SPF records, or a "p=none" in DMARC. They don't want you to implement their guide and suddenly have your emails blocked. Fine, but... do your research first, and then do your best to upgrade to "-all" and "p=reject". It's more secure, and learning all the ways you've been "leaking" email through unknown or insecure sources is a good thing! My thanks to ‪@TheAnigai‬ for suggesting today's topic!