Virtual Architects Support Wiki

User Tools

Site Tools

You are here: start » internet » mail » sender_auth
Trace:
internet:mail:sender_auth

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
internet:mail:sender_auth [2019/05/07 13:42]
gcooper 		internet:mail:sender_auth [2019/05/08 08:48] (current)
gcooper
Line 4: Line 4:
  
 SPF (sender policy framework), DKIM (domain keys identified mail) and DMARC (domain message authentication reporting and conformance) are **sender authentication mechanisms** that use DNS. SPF (sender policy framework), DKIM (domain keys identified mail) and DMARC (domain message authentication reporting and conformance) are **sender authentication mechanisms** that use DNS.
 +
 +===== Testing =====
 +
 +**Various Tools**: https://dmarcian.com/dmarc-tools/
 +
 +**DKIM Test Tool**: https://mxtoolbox.com/dkim.aspx
 +
 +**DMARC Test Tool**: https://mxtoolbox.com/DMARC.aspx
 +
 +A very useful test is to **send a message from the domain under test to a Gmail address**.  Once the message is received in Gmail, perform a ''Show Original'' to view the message headers.
 +
  
 ===== SPF ===== ===== SPF =====
  
-SPF is the most widely used sender authentication mechanism.  You should definitely implement it.+SPF is the most widely used sender authentication mechanism.  You should definitely implement it for your domains.
  
 A DNS SPF (TXT) record just tells the recipient server which sender servers are authorized to send e-mail for a particular domain. A DNS SPF (TXT) record just tells the recipient server which sender servers are authorized to send e-mail for a particular domain.
 +
 +==== Virtualmin ====
 +
 +**Virtualmin -> <domain> -> Server Configuration -> DNS Options**
 +
 +{{ :internet:mail:virtualmin_spf_enable.png?750 |Create and Implement SPF and DMARC for Virtualmin Domain}}
  
 ===== DKIM ===== ===== DKIM =====
Line 16: Line 33:
  
 Signing is done with a **private key on the sender's server**, which matches a **public key added to in the sender's DNS domain**. The recipient can lookup this key at the domain in the ''From'' address, and use it to ensure that the email signature was created using the corresponding private key, which proves that the message was really sent from that domain. Signing is done with a **private key on the sender's server**, which matches a **public key added to in the sender's DNS domain**. The recipient can lookup this key at the domain in the ''From'' address, and use it to ensure that the email signature was created using the corresponding private key, which proves that the message was really sent from that domain.
- 
-==== Testing ==== 
- 
-**DKIM Test Tool**: https://mxtoolbox.com/dkim.aspx 
- 
-**DMARC Test Tool**: https://mxtoolbox.com/DMARC.aspx 
- 
-A very useful test is to send a message from the domain under test to a Gmail address.  Once the message is received in Gmail, perform a ''Show Original'' to view the message headers. 
  
 ==== Virtualmin ==== ==== Virtualmin ====
Line 46: Line 55:
  
 ===== DMARC ===== ===== DMARC =====
 +
 +<note>DMARC can be implemented in DNS without regard to where e-mail is hosted.</note>
  
 DMARC is a mechanism to tell receiving mail servers exactly how to treat failures of SPF and DKIM checks. DMARC is a mechanism to tell receiving mail servers exactly how to treat failures of SPF and DKIM checks.
  
 DMARC also includes a mechanism to report failures back to administrators of sender domains. DMARC also includes a mechanism to report failures back to administrators of sender domains.
internet/mail/sender_auth.1557258160.txt.gz · Last modified: 2019/05/07 13:42 by gcooper

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki