This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
internet:mail:sender_auth [2019/05/07 09:46] 127.0.0.1 external edit |
internet:mail:sender_auth [2019/05/08 08:48] (current) gcooper |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== DKIM and DMARC ====== | + | ====== |
+ | |||
+ | FIXME Incomplete | ||
+ | |||
+ | SPF (sender policy framework), DKIM (domain keys identified mail) and DMARC (domain message authentication reporting and conformance) are **sender authentication mechanisms** that use DNS. | ||
===== Testing ===== | ===== Testing ===== | ||
- | **Test Tool**: https://mxtoolbox.com/DMARC.aspx | + | **Various Tools**: https://dmarcian.com/dmarc-tools/ |
- | A very useful test is to send a message from the domain under test to a Gmail address. Once the message is received in Gmail, perform a '' | + | **DKIM Test Tool**: https:// |
- | ===== Virtualmin ===== | + | **DMARC Test Tool**: https:// |
+ | A very useful test is to **send a message from the domain under test to a Gmail address**. | ||
- | ===== Zimbra | + | ===== SPF ===== |
- | https:// | + | SPF is the most widely used sender authentication mechanism. |
+ | |||
+ | A DNS SPF (TXT) record just tells the recipient server which sender servers are authorized to send e-mail for a particular domain. | ||
+ | |||
+ | ==== Virtualmin ==== | ||
+ | |||
+ | **Virtualmin -> < | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | ===== DKIM ===== | ||
+ | |||
+ | **DKIM** is a standard for signing email messages so that the recipient can verify the sender' | ||
+ | |||
+ | Signing is done with a **private key on the sender' | ||
+ | |||
+ | ==== Virtualmin ==== | ||
+ | |||
+ | <note warning> | ||
+ | |||
+ | https:// | ||
+ | |||
+ | Virtualmin uses a **milter** (daemon) to implement DKIM signing and verification. | ||
+ | |||
+ | **Virtualmin -> E-Mail Settings -> DomainKeys Identified Mail** | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | ==== Zimbra ==== | ||
+ | |||
+ | <note tip> | ||
+ | |||
+ | **Important**: | ||
https:// | https:// | ||
+ | |||
+ | ===== DMARC ===== | ||
+ | |||
+ | < | ||
+ | |||
+ | DMARC is a mechanism to tell receiving mail servers exactly how to treat failures of SPF and DKIM checks. | ||
+ | |||
+ | DMARC also includes a mechanism to report failures back to administrators of sender domains. |