From 52e6480d11275c4055b82091400bab8ca3264eb3 Mon Sep 17 00:00:00 2001 From: emilhem Date: Fri, 22 May 2020 17:40:19 +0200 Subject: Add basic instructions on how to get started with DMARC and DKIM --- e-post/doman.mdwn | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) (limited to 'e-post') diff --git a/e-post/doman.mdwn b/e-post/doman.mdwn index b7b8543..1eb31c4 100644 --- a/e-post/doman.mdwn +++ b/e-post/doman.mdwn @@ -175,6 +175,47 @@ prefer to have a dedicated key pair for your domain. public part, as well as the signing domain identifier and selector used in the `DKIM-Signature` header field.) +How do I set up my own DKIM keys for my custom domain? +---------------------------------------------------------- +The [Wikipedia page](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) has a nice +introduction to DKIM. + +Begin by contacting the Fripost admins +([admin@fripost.org](mailto:admin@fripost.org)) with the request to create +a DKIM key for your custom domain. This DKIM key can be associated with +your whole domain or an individual email address. Await a response from +the admins (remember they do it on their spare time!). Their response will +contain an identifier and the text (public key) that you need to enable DKIM +validation. To enable the DKIM validation with the public key received you +have to login to your DNS-management system and add a new TXT record +with the subdomain `[identifier]._domainkey.[your domain]`. The record should +look like the following except your key after the `p=` part. +``` +v=DKIM1; k=rsa; t=s; s=email; p=MIIB...AQAB +``` +*Note* that in most DNS-management systems you should only use the +subdomain (not the whole domain name) when you're creating a new TXT +record. For example: `sub.example.org` only need +`[identifier]._domainkey.sub`. + +How do I set up my own DMARC for my custom domain? +---------------------------------------------------------------------- +The [Wikipedia page](https://en.wikipedia.org/wiki/DMARC) has a nice +introduction to DMARC. + +Begin by logging into your DNS-management system and add a TXT +record for `_dmarc.[your domain]`. The record should look something like +the following. +``` +v=DMARC1;p=none;sp=none; +``` +You can tweak the `p=none` and `sp=none` parts to more restrictive +configurations such as `reject` or `quarantine`. + +*Note* that in most DNS-management systems you should only use the +subdomain (not the whole domain name) when you're creating a new TXT +record. For example: `sub.example.org` only need `_dmarc.sub`. + Should I publish a SPF (Sender Policy Framework) record for my domain? ---------------------------------------------------------------------- -- cgit v1.2.3