Hi Rich, Go to:
https://mxtoolbox.com/SuperTool.aspx click the dropdown next to the MX Lookup button and select DMARC Lookup put in your email domain name appl-ecosys.com Click DMARC Lookup Note "no result found" also note the link immediately above that saying Microsoft Outlook.com Now requires DMARC If you change this to "Portlandia-servers.com" and do a DMARC lookup you will see an example of A valid one setup (that's one of my domains) You may not need to bother with DKIM, SPF may be sufficient but you will need DMARC. One of my domains has it setup (Mittelstaedt.us) but others do not. I set it up back in the days when just A DKIM record alone was sufficient. All my mail sending domains have SPF records, and DMARC records, though. DKIM is an annoyance because Sendmail does not natively support it so you have to use a snap-in to Sendmail to set it up and I use Sendmail for my commercial mailservers which run on FreeBSD. For webservers and other application servers as well as personal servers that I run that run on Linux I do use Postfix. I see you don't run your own nameservers you are on Namecheap's stuff so you might want to review the following: https://www.namecheap.com/support/knowledgebase/article.aspx/317/2237/how-do -i-add-txtspfdkimdmarc-records-for-my-domain/ It's not really that difficult to set all this stuff up, I'm sure you can get it done in an hour or so. Ted "The nice thing about standards is that there are so many of them to choose from." - Andrew S. Tanenbaum -----Original Message----- From: PLUG <[email protected]> On Behalf Of Rich Shepard Sent: Saturday, November 8, 2025 7:47 AM To: 'Portland Linux/Unix Group' <[email protected]> Subject: Re: [PLUG] Mail not delivered message (rejecting linux?) On Sat, 8 Nov 2025, Ted Mittelstaedt wrote: > All of the major email providers now pretty much require you to do the following when transmitting email to them: > > 1) Use a static IP address. They can check ARIN's whois to see if you > aren't using one > 2) Setup a legitimate reverse address record in DNS > 3) Setup SPF & DKIM > 4) Have an abuse@ email address at your domain that a human reads > 5) Have a postmaster@ email address that a human reads (required by > SMTP RFCs) > 6) Have TLS 1.2 turned on in your SMTP MTA (TLS 1.3 will be required > soon enough) > 7) Use correct envelope and header DNS addresses > 8) Register with them as a bulk mail provider if you are sending email > on behalf of other people. Even if the amount of email you send is > very small Ted, I run postfix (from my static IP address) and don't send bulk emails. I used to send newsletters to a large audience and I used mailx for that. > In addition if a spammer does break into one of your mailservers and > uses it to relay - it does not matter if after you clean up the mess > and close the account, you then get yourself off all the public > blacklists - it can take many months before your IP address is purged > from their internal blacklist - and none of them now have any > mechanism (that works anymore) to request early de-listing. My logs show me all the intrusion attempts. So far, in 28 years none succeeded. I'm not an ISP so I don't have accounts, only me as both root and a user. Rich
