Addition for DMARC DNS record about adkim and aspf fields.

2022-05-22 03:53:48 +04:00 · 2022-05-22 03:53:48 +04:00 · f70f883943
commit f70f883943
parent a0263bf74a
1 changed files with 2 additions and 2 deletions
--- a/homepage/views/articles/setting_up_a_mail_server.pug
+++ b/homepage/views/articles/setting_up_a_mail_server.pug
@ -474,10 +474,10 @@ block article
 	h4#art-8-4 #[a(href='#art-8-4') 8.4. DMARC]
 	p DMARC stands for Domain-based Message Authentication Reporting and Conformance. And its DNS record could be like this one that I use:
 	pre
-		| _dmarc    IN    TXT    "v=DMARC1; p=reject; rua=mailto:admin@example.org; ruf=mailto:admin@example.org"
+		| _dmarc    IN    TXT    "v=DMARC1; p=reject; rua=mailto:admin@example.org; ruf=mailto:admin@example.org; adkim=s; aspf=s"
 	p #[code v] is a version of a protocol.
 	p #[code p] is a default policy that could be set to #[code none], #[code quarantine] and #[code reject]. I chose to #[code reject] mail that comes from &laquo;me&rdquo; if there's something wrong with a origin of a message. If you could get email from subdomains then you need to set #[code sp] as well.
-	p #[code rua] is an address for the reports and #[code ruf] is for the forensic reports.
+	p #[code rua] is an address for the reports and #[code ruf] is for the forensic reports. #[code aspf] verifies that an address in the MAIL FROM command and #[code From:] header matches example.org in strict (s) mode, and in relaxed (default, r) mode matches domain or its subdomains. For #[code adkim] is the same except in this case sender domain name should match a domain in #[code d=domain] in a #[code DKIM-Signature] header.

 	h4#art-8-5 #[a(href='#art-8-5') 8.5. DKIM]
 	p In 5.2 we generated a key pair for our domain and now we'll take what's inside a #[code myselector.txt] file and add it to our DNS.