$INCLUDE generic_spf.incgeneric_spf.inc add:@ IN TXT "v=spf1 ip4:[your mail server ip/netmask] ip4:[your seconday mx server ip/netmask] mx:[your doamin] -all"mail IN TXT "v=spf1 ip4:[your mail server ip/netmask] ip4:[your seconday mx server ip/netmask] mx:[your domain] -all"
For DMARC:
Just like above SPF, in master domain file, add $INCLUDE generic_dmarc.inc
In generic_dmarc.inc add:
_dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:[your email @ yourdomain]; ruf=mailto:[your email @ yourdomain]; adkim=r; aspf=r; rf=afrf"
_dmarc.mail IN TXT "v=DMARC1; p=quarantine; rua=mailto:[your email @ yourdomain]; ruf=mailto:[your email @ yourdomain]; adkim=r; aspf=r; rf=afrf"
It's recommended that you have a specific email address for the dmarc mailto.
Note: I made SPF work a long time ago, and am not going to go into it now. Perhaps some time when I'm working on it again I'll document what I have...
Looking into DMARC, it's a bit daunting. Everyone says it's
easy, but I'm not really finding exactly what I need for my DNS
records. The one start I am finding is to add:
TXT "v=DMARC1; p-none; pct=100;
rua=mailto:dmarc-reports@domain".
I've added this,
of course changed my serial number and
restarted named.
Evidently I'll now get
weekly summary emails which will help me figure out what
further I need to do. Good enough, hopefully the reports will
start coming in and will remind me to get back to this.