From 52e6480d11275c4055b82091400bab8ca3264eb3 Mon Sep 17 00:00:00 2001
From: emilhem <emilhem@web>
Date: Fri, 22 May 2020 17:40:19 +0200
Subject: Add basic instructions on how to get started with DMARC and DKIM

---
 e-post/doman.mdwn | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

(limited to 'e-post')

diff --git a/e-post/doman.mdwn b/e-post/doman.mdwn
index b7b8543..1eb31c4 100644
--- a/e-post/doman.mdwn
+++ b/e-post/doman.mdwn
@@ -175,6 +175,47 @@ prefer to have a dedicated key pair for your domain.
 public part, as well as the signing domain identifier and selector used
 in the `DKIM-Signature` header field.)
 
+How do I set up my own DKIM keys for my custom domain?
+----------------------------------------------------------
+The [Wikipedia page](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) has a nice
+introduction to DKIM.
+
+Begin by contacting the Fripost admins
+([admin@fripost.org](mailto:admin@fripost.org)) with the request to create
+a DKIM key for your custom domain. This DKIM key can be associated with
+your whole domain or an individual email address. Await a response from
+the admins (remember they do it on their spare time!). Their response will
+contain an identifier and the text (public key) that you need to enable DKIM
+validation. To enable the DKIM validation with the public key received you
+have to login to your DNS-management system and add a new TXT record
+with the subdomain `[identifier]._domainkey.[your domain]`. The record should
+look like the following except your key after the `p=` part.
+```
+v=DKIM1; k=rsa; t=s; s=email; p=MIIB...AQAB
+```
+*Note* that in most DNS-management systems you should only use the
+subdomain (not the whole domain name) when you're creating a new TXT
+record. For example: `sub.example.org` only need
+`[identifier]._domainkey.sub`.
+
+How do I set up my own DMARC for my custom domain?
+----------------------------------------------------------------------
+The [Wikipedia page](https://en.wikipedia.org/wiki/DMARC) has a nice
+introduction to DMARC.
+
+Begin by logging into your DNS-management system and add a TXT
+record for `_dmarc.[your domain]`. The record should look something like
+the following.
+```
+v=DMARC1;p=none;sp=none;
+```
+You can tweak the `p=none` and `sp=none` parts to more restrictive
+configurations such as `reject` or `quarantine`.
+
+*Note* that in most DNS-management systems you should only use the
+subdomain (not the whole domain name) when you're creating a new TXT
+record. For example: `sub.example.org` only need `_dmarc.sub`.
+
 Should I publish a SPF (Sender Policy Framework) record for my domain?
 ----------------------------------------------------------------------
 
-- 
cgit v1.2.3