I'm less upset with SPF, DKIM, and DMARC and more irritated that you can't find any 5-minute guide on how to set it up. As this article states, it's all SEO bullshit and DNS validators that don't explicitly say, "Add this TXT record to your DNS set. This directive means X. That directive means Y."
Unfortunately, as much as I sympathize with this article, I can't pass this around to colleagues as technical reference, because it's just a rant. A rant with helpful information, but a rant nonetheless. I need reference documentation that isn't going to disappear when the author decides to change blogging platforms, etc. So, below are the RFCs, with sections, that actually matter.
DKIM and DMARC are not required to have a functional piece of software that sends emails today, though. Just use SPF and you should be fine. A TXT record with @ for the current origin[1] or the relevant host with the following is sufficient[2]:
v=spf1 include:example.com ~all
You can use multiple includes. If you're pointing to your own DNS records, though, don't use include. Use a. As far as I understand it: include[3] is others, or as RFC 7208 states it, 'independent domains.' a[4] is you (A records). In this case, it looks like this:
v=spf1 a:mydomain.com ~all
That's it. Now your mailer should work.
So for example, you've got a domain name on Namecheap, and you're hosting on a VPS. You've pointed your A record for @ to your VPS' IP address. That's all you need there, and all you need for SPF is a TXT record pointing for the current domain, @, and the string above, with the a mechanism pointing to your domain name. SPF-compliant software will look up your TXT record containing the SPF string, see the domain, look up its IP address, and match it to the server where your email is coming from, then allow it in transmission. Popular mailers should tell you all this these days, but they don't, and it really sucks.
[1]: https://datatracker.ietf.org/doc/html/rfc1035#section-5.1
[2]: https://datatracker.ietf.org/doc/html/rfc7208#section-3
[3]: https://datatracker.ietf.org/doc/html/rfc7208#section-5.2
[4]: https://datatracker.ietf.org/doc/html/rfc7208#section-5.3
Work... technically... yes. If the definition of 'works' is: "I press send and sometimes my email reaches its destination".
The spirit of the article IMO implies a definition akin to "I press send and my email reaches its destination. And... my emails have some protection against spoofing attacks".
So in the spirit of the article, I would recommend your 1-liner takes a small yet significant change:
v=spf1 include:example.com -all
Now... let's talk about the biggest barrier to entry for n00bs (myself included) in the self-hosted email game: non-blacklisted IP address space. And blacklist here refers not just to public lists (SPAMHAUS etc) but private ones too (e.g., outlook).
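
As an added example that is not part of either comment: a small offline parser that says what each term of an SPF record means under RFC 7208, run over the three records quoted in this thread. The function name `parse_spf` and the warning texts are this example's own; the parser reads only the record string and performs no DNS queries.

```python
# Added example, not from the thread: explain the terms of an SPF record
# per RFC 7208 (record evaluation: section 4.6, mechanisms: section 5).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
# Terms that cost the receiver a DNS query; RFC 7208 section 4.6.4 caps them at 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def parse_spf(record):
    """Return (terms, lookups, warnings) for one SPF TXT string."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: must start with v=spf1")
    terms, warnings = [], []
    for raw in parts[1:]:
        name, sep, value = raw.partition("=")
        if sep and name.isalnum():  # modifier, e.g. redirect=example.net
            terms.append((name.lower(), value, "modifier"))
            continue
        qualifier = raw[0] if raw[0] in QUALIFIERS else "+"  # default is "+"
        body = raw[1:] if raw[0] in QUALIFIERS else raw
        name, _, value = body.partition(":")
        name = name.partition("/")[0].lower()  # drop a CIDR suffix such as a/24
        if name not in MECHANISMS:
            raise ValueError(f"unknown mechanism {raw!r} (receivers return permerror)")
        terms.append((name, value, QUALIFIERS[qualifier]))
    # Only this record's own terms are counted; lookups inside included
    # records also count toward the limit but need live DNS to resolve.
    lookups = sum(1 for name, _, _ in terms if name in LOOKUP_TERMS)
    if lookups > 10:
        warnings.append("more than 10 DNS-querying terms: receivers return permerror")
    names = [name for name, _, _ in terms]
    if "all" not in names and "redirect" not in names:
        warnings.append("no 'all' or redirect: unlisted senders get neutral")
    elif ("all", "", "softfail") in terms:
        warnings.append("'~all' is softfail: unlisted senders are flagged, not failed")
    return terms, lookups, warnings


if __name__ == "__main__":
    # The three records quoted in the thread above.
    for rec in ("v=spf1 include:example.com ~all",
                "v=spf1 a:mydomain.com ~all",
                "v=spf1 include:example.com -all"):
        terms, lookups, warnings = parse_spf(rec)
        print(rec)
        for name, value, result in terms:
            print(f"  {name:8} {value or '-':16} -> {result}")
        print(f"  DNS-querying terms: {lookups}; warnings: {warnings or 'none'}")
```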