re: Build your DMARC record in 15 minutes

https://blog.returnpath.com/build-your-dmarc-record-in-15-minutes-v2/

domain = example.com
mail2.@ A 1.1.1.1
@ mx 10 mail2.example.com
@ mx 20 smtp.secureserver.net
@ mx 30 mailstore1.secureserver.net

@ txt v=spf1 ip4:1.1.1.1 include:secureserver.net -all
_dmarc.@ txt v=DMARC1; p=none; rua=mailto:xxxxxx@mxtoolbox.dmarc-report.com,mailto:xxxxxxx@ag.dmarcian.com;

smtp test:

Connecting to 1.1.1.1

220 mail2.example.com Kerio Connect 8.0.0 ESMTP ready [11095 ms]
EHLO PWS3.mxtoolbox.com
250-mail2.example.com
250-AUTH CRAM-MD5 PLAIN LOGIN
250-SIZE 52428800
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-PIPELINING
250-ETRN
250-DSN
250 HELP [672 ms]
MAIL FROM:<supertool@mxtoolbox.com>
250 2.1.0 Sender <supertool@mxtoolbox.com> ok [719 ms]
RCPT TO:<test@maxpain.com>
550 5.7.1 Relaying to <test@maxpain.com> denied (authentication required) [672 ms]

Should I create an SPF record for mail2.example.com?
e.g.: mail2.@ txt v=spf1 ip4:1.1.1.1 -all

And a DKIM or DMARC?

Please & Thanks.

https://blog.returnpath.com/build-your-dmarc-record-in-15-minutes-v2/#comment-3304653950
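An added example, not part of the original comment: it shows which domain's SPF record a receiver looks up for the zone posted above, and whether that domain aligns for DMARC. The function names, the sample envelope values and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
# Added example. TXT values are copied from the posted zone; the envelope
# values passed to evaluate() are constructed for illustration.
POSTED_TXT = {
    "example.com": "v=spf1 ip4:1.1.1.1 include:secureserver.net -all",
    "_dmarc.example.com": "v=DMARC1; p=none; "
        "rua=mailto:xxxxxx@mxtoolbox.dmarc-report.com,"
        "mailto:xxxxxxx@ag.dmarcian.com;",
}

def parse_dmarc(txt):
    """Split a DMARC tag list into a dict; a trailing ';' is tolerated."""
    tags = {}
    for part in txt.split(";"):
        if part.strip():
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    return tags

def spf_domain(mail_from, helo):
    """Domain whose SPF record is queried (RFC 7208 section 2.4)."""
    if mail_from:                      # normal mail: envelope sender domain
        return mail_from.rsplit("@", 1)[1].lower()
    return helo.lower()                # null reverse-path: HELO name is used

def org_domain(name):
    # Assumption: last two labels. Real receivers use the Public Suffix List.
    return ".".join(name.lower().split(".")[-2:])

def spf_aligned(spf_dom, from_dom, aspf="r"):
    """DMARC identifier alignment for SPF: relaxed ('r') or strict ('s')."""
    if aspf == "s":
        return spf_dom.lower() == from_dom.lower()
    return org_domain(spf_dom) == org_domain(from_dom)

def evaluate(mail_from, helo, header_from):
    dom = spf_domain(mail_from, helo)
    # Simplification: policy is read at the organizational domain only.
    dmarc = parse_dmarc(POSTED_TXT.get("_dmarc." + org_domain(header_from), ""))
    return {
        "spf_lookup": dom,
        "spf_record": POSTED_TXT.get(dom),   # None means SPF result "none"
        "aligned": spf_aligned(dom, header_from, dmarc.get("aspf", "r")),
        "policy": dmarc.get("p"),
    }

if __name__ == "__main__":
    print(evaluate("user@example.com", "mail2.example.com", "example.com"))
    print(evaluate("", "mail2.example.com", "example.com"))  # bounce
```

With the posted zone, the second call finds no SPF record at mail2.example.com, so messages sent with a null reverse-path get an SPF result of "none" even though the name would align under relaxed mode.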


re: How to explain authenticated received chain (ARC) in plain english.

https://blog.returnpath.com/how-to-explain-authenticated-received-chain-arc-in-plain-english-2/

This is stupid.
You send the email to the list, end of story, it reaches its destination.
The list server should now send out the message to those in the list, using its own DMARC, DKIM, SPF.

It’s like they want spam to be legit; for the grace of GOD, drop this ARC stuff.
What this is, it’s allowing someone to modify your message and pass it on as you.

We need to get to a point where we all have DMARC=reject & SPF= -all, and if the message does not come with DKIM, reject it.
https://blog.returnpath.com/how-to-explain-authenticated-received-chain-arc-in-plain-english-2/#comment-3304585202