- replace all instances of
example.com
with your domain. - you also need to set up reverse DNS (to your mail fqdn)
this is for having all the stuff on one machine (domain as well as
mail.
subdomain)
example.com. A $IP
example.com. AAAA $IP6
lookup 'dns mx priority'
example.com. MX mail.example.com $prio
mail.example.com. A $IP
mail.example.com. AAAA $IP6
set the ip of your server to your mail fqdn.
example.com. TXT "v=spf1 mx -all"
$identifier
can be a date, for example$rsa_pubkey_armor
is the armor output of your public dkim key (no BEGIN/END lines)
to get the pubkey armor data, use openssl rsa -in FILE -pubout -out -
$identifier._domainkey.example.com. TXT "v=DKIM1;k=rsa;p=$rsa_pubkey_armor;"
example.com
needs to be replaced with your domain (NOT mail fqdn)p=reject
=> tell other servers to reject mails that are sent in your name but weren't sent from this server (i.e. YOUR server)pct=100
=> all emails are subject to this policy
_dmarc.example.com. TXT "v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@example.com;"
recommended: free dmarc monitoring with https://dmarc.postmarkapp.com/