01/12/2022
mailjet SPF/DKIM/DMARC

We can stop phishing emails and some spams by configuring SPF/DKIM/DMARC
without this, anybody can send emails from our domain, and not be categorized as spam.

This can be configured here domain by domain :
https://app.mailjet.com/account/domain

We set the spf record to authorize only mailjet to send our emails :

we put this in a TXT record in the dns of flatbay.fr (do not use SPF type record, use TXT) :

flatbay.fr.
IN TXT
"v=spf1 include:spf.mailjet.com ~all"

PS: please note that mailjet advises the use of "?all" which equals to "+all" which equals to accept all (hence useless spf record)
replace with "~all" to mark bad email as spam and "-all" to drop email automatically

to check that it worked :

dig +noall +answer flatbay.fr txt

https://dmarcian.com/spf-survey/?domain=flatbay.fr

Then we set the dkim to sign the emails with mailjet

mailjet._domainkey.flatbay.fr. 
IN TXT
k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzmvaBt13vXsRhxklytl1YYijSmaYwjf7glh03VcxxCbeT5xdiJnOcBFbkx7RjkWBi5E1idDaTG5K4hekvAYoMEcJVtexwuiwidpVCkPDAepyTPh5aIEI8GZCwHQ1xgwiFM0C19lOhujG9jmQNekipdjCDUjq9XcmXF1OFufkwCQIDAQAB

to check that it worked :

dig +noall +answer mailjet._domainkey.flatbay.fr txt

https://dmarcian.com/dkim-inspector/?domain=flatbay.fr&selector=mailjet

then we can specify dmarc to get reports and enforce the rules

    _dmarc.raphaelpicolo.com.
    IN TXT
    "v=DMARC1; p=none; rua=mailto:dmarc.report@raphaelpiccolo.com; ruf=mailto:dmarc.report@raphaelpiccolo.com; ri=86400"

in the begining you can specify p to "none", then "quanrantine", then "reject".

Check that's it's good

    dig +noall +answer mailjet._domainkey.flatbay.fr txt

    https://dmarcian.com/dmarc-inspector/