This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
internet:mail:sender_auth [2019/05/07 13:41] gcooper |
internet:mail:sender_auth [2019/05/08 08:48] (current) gcooper |
||
---|---|---|---|
Line 4: | Line 4: | ||
SPF (sender policy framework), DKIM (domain keys identified mail) and DMARC (domain message authentication reporting and conformance) are **sender authentication mechanisms** that use DNS. | SPF (sender policy framework), DKIM (domain keys identified mail) and DMARC (domain message authentication reporting and conformance) are **sender authentication mechanisms** that use DNS. | ||
+ | |||
+ | ===== Testing ===== | ||
+ | |||
+ | **Various Tools**: https:// | ||
+ | |||
+ | **DKIM Test Tool**: https:// | ||
+ | |||
+ | **DMARC Test Tool**: https:// | ||
+ | |||
+ | A very useful test is to **send a message from the domain under test to a Gmail address**. | ||
+ | |||
===== SPF ===== | ===== SPF ===== | ||
- | SPF is the most widely used sender authentication mechanism. | + | SPF is the most widely used sender authentication mechanism. |
A DNS SPF (TXT) record just tells the recipient server which sender servers are authorized to send e-mail for a particular domain. | A DNS SPF (TXT) record just tells the recipient server which sender servers are authorized to send e-mail for a particular domain. | ||
+ | |||
+ | ==== Virtualmin ==== | ||
+ | |||
+ | **Virtualmin -> < | ||
+ | |||
+ | {{ : | ||
===== DKIM ===== | ===== DKIM ===== | ||
Line 16: | Line 33: | ||
Signing is done with a **private key on the sender' | Signing is done with a **private key on the sender' | ||
- | |||
- | ==== Testing ==== | ||
- | |||
- | **DKIM Test Tool**: https:// | ||
- | |||
- | **DMARC Test Tool**: https:// | ||
- | |||
- | A very useful test is to send a message from the domain under test to a Gmail address. | ||
==== Virtualmin ==== | ==== Virtualmin ==== | ||
- | :!: Only virtual servers that have both the DNS and email features enabled will have DKIM activated, as the mail server needs to be setup to use a private signing key whose corresponding public key is added to DNS. | + | <note warning>Only virtual servers that have both the DNS and email features enabled will have DKIM activated, as the mail server needs to be setup to use a private signing key whose corresponding public key is added to DNS.</ |
https:// | https:// | ||
Line 46: | Line 55: | ||
===== DMARC ===== | ===== DMARC ===== | ||
+ | |||
+ | < | ||
DMARC is a mechanism to tell receiving mail servers exactly how to treat failures of SPF and DKIM checks. | DMARC is a mechanism to tell receiving mail servers exactly how to treat failures of SPF and DKIM checks. | ||
DMARC also includes a mechanism to report failures back to administrators of sender domains. | DMARC also includes a mechanism to report failures back to administrators of sender domains. |