We can stop phishing emails and some spams by configuring SPF/DKIM/DMARC
without this, anybody can send emails from our domain, and not be categorized as spam.
This can be configured here domain by domain :
https://app.mailjet.com/account/domain
We set the spf record to authorize only mailjet to send our emails :
we put this in a TXT record in the dns of flatbay.fr (do not use SPF type record, use TXT) :
flatbay.fr. IN TXT "v=spf1 include:spf.mailjet.com ~all"
PS: please note that mailjet advises the use of "?all" which equals to "+all" which equals to accept all (hence useless spf record)
replace with "~all" to mark bad email as spam and "-all" to drop email automatically
to check that it worked :
dig +noall +answer flatbay.fr txt https://dmarcian.com/spf-survey/?domain=flatbay.fr
Then we set the dkim to sign the emails with mailjet
mailjet._domainkey.flatbay.fr. IN TXT k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzmvaBt13vXsRhxklytl1YYijSmaYwjf7glh03VcxxCbeT5xdiJnOcBFbkx7RjkWBi5E1idDaTG5K4hekvAYoMEcJVtexwuiwidpVCkPDAepyTPh5aIEI8GZCwHQ1xgwiFM0C19lOhujG9jmQNekipdjCDUjq9XcmXF1OFufkwCQIDAQAB
to check that it worked :
dig +noall +answer mailjet._domainkey.flatbay.fr txt https://dmarcian.com/dkim-inspector/?domain=flatbay.fr&selector=mailjet
then we can specify dmarc to get reports and enforce the rules
_dmarc.raphaelpicolo.com.
IN TXT
"v=DMARC1; p=none; rua=mailto:dmarc.report@raphaelpiccolo.com; ruf=mailto:dmarc.report@raphaelpiccolo.com; ri=86400"in the begining you can specify p to "none", then "quanrantine", then "reject".
Check that's it's good
dig +noall +answer mailjet._domainkey.flatbay.fr txt
https://dmarcian.com/dmarc-inspector/