2021-11-20 Publishing the information about using DKIM: dmarc records
After getting DKIM signing running with sendmail and opendkim I generated DKIM keys for idefix.net, configured them in the mailserver with opendkim and published them in DNS. The next thing to publish is a policy record showing that all outgoing mail for these domains should be signed. I started with a policy that shows mail should be signed but to not reject it when it isn't, but report it to me as unsigned.;; QUESTION SECTION: ;_dmarc.camp-wireless.com. IN TXT ;; ANSWER SECTION: _dmarc.camp-wireless.com. 86400 IN TXT "v=DMARC1;p=none;sp=reject;pct=100;rua=mailto:dmarcreports at camp-wireless.com;"With a similar policy for idefix.net. Mail with problems shouldn't be rejected yet: DNS propagation isn't instantaneous and testing first.