Use DMARC to harden SPF and DKIM

article #1255, updated 50 days ago

The following TXT record:

v=DMARC1; p=reject; pct=100; adkim=s; aspf=s

at least theoretically, should harden SPF and, if present, DKIM. “=s” means “strict”. According to DMARC documentation, DMARC can be used without DKIM, and experiences with a first setup of the above without DKIM are playing out well so far.

Some info is here: