Addition for DMARC DNS record about adkim and aspf fields.

This commit is contained in:
Alexander Andreev 2022-05-22 03:53:48 +04:00
parent a0263bf74a
commit f70f883943
Signed by: Arav
GPG Key ID: 0388CC8FAA51063F

View File

@ -474,10 +474,10 @@ block article
h4#art-8-4 #[a(href='#art-8-4') 8.4. DMARC]
p DMARC stands for Domain-based Message Authentication Reporting and Conformance. And its DNS record could be like this one that I use:
pre
| _dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:admin@example.org; ruf=mailto:admin@example.org"
| _dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:admin@example.org; ruf=mailto:admin@example.org; adkim=s; aspf=s"
p #[code v] is a version of a protocol.
p #[code p] is a default policy that could be set to #[code none], #[code quarantine] and #[code reject]. I chose to #[code reject] mail that comes from «me” if there's something wrong with a origin of a message. If you could get email from subdomains then you need to set #[code sp] as well.
p #[code rua] is an address for the reports and #[code ruf] is for the forensic reports.
p #[code rua] is an address for the reports and #[code ruf] is for the forensic reports. #[code aspf] verifies that an address in the MAIL FROM command and #[code From:] header matches example.org in strict (s) mode, and in relaxed (default, r) mode matches domain or its subdomains. For #[code adkim] is the same except in this case sender domain name should match a domain in #[code d=domain] in a #[code DKIM-Signature] header.
h4#art-8-5 #[a(href='#art-8-5') 8.5. DKIM]
p In 5.2 we generated a key pair for our domain and now we'll take what's inside a #[code myselector.txt] file and add it to our DNS.