On Thu, Nov 19, 2020 at 01:47:57PM +0000, Chris Woods wrote: > On Thu, 19 Nov 2020 at 13:29, Chris Woods < > christopherwoods+list-mai...@gmail.com> wrote: > > Correct the PTR, it's currently "romana.vs.mythic-beasts.com". > > > Unless it's out of preference you're leaving it like that - I do similarly > with > a domain distinct from whatever domains are hosted on a box. As long as your > mailserver is helloing to GMail with the same hostname.
No preference as such, just that there may be other domains with email on the server in the future and the default hostname was as good as any. > What do the Original message headers say in GMail? I usually send myself a > test > to GMail to examine. Do emails sent to GMail recipients get the yellow "be > careful with this message - Gmail could not verify that it actually came from > xk7.net" banner? No, they say: SPF: PASS with IP 2a00:1098:82:b3:0:0:0:1 DKIM: 'PASS' with domain xk7.net DMARC: 'PASS' There is no warning about no authentication (and there shouldn't be). > My SPFs tend to be slightly more verbose, remembering the ten lookup max > guide... > I usually start from structure of "v=spf1 a mx a:any.additional.domain > ip4:10.10.0.1 ip6:anot:her::ipv6:addr:ess ~all" (I have a couple of edge cases > for some of my email sending) I only send xk7.net mail via this server so mx should be fine. Any mail from xk7.net coming from any other server should be rejected (and ideally notified, but I'm not sure that Google does anything with DMARC records in that regard). > Is your DKIM at least 1024 bits? Yes, it is 2048 bits: openssl rsa -text -noout -in dkim.key RSA Private-Key: (2048 bit, 2 primes) -- Paul Waring Freelance PHP developer https://www.phpdeveloper.org.uk _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
