Security/Domain

Tools » Install » SPF

cat <<'EXE'\| sudo bash echo && git clone https://github.com/jsarenik/spf-tools.git /opt/cli/spf-tools echo && cd /opt/cli/spf-tools/ ./despf.sh -h EXE

cat <<'CFG'\| tee ${HOME}/.spf-toolsrc >/dev/null DOMAIN=shahed.biz ORIG_SPF=spf.shahed.biz DESPF_SKIP_DOMAINS=_spf.google.com:_spf.sendgrid.net DNS_TIMEOUT=5 DNS_SERVER=1.1.1.1 CFG

dig MX chorke.com dig TXT chorke.com /opt/cli/spf-tools/despf.sh chorke.com	dig MX chorke.org dig TXT chorke.org /opt/cli/spf-tools/despf.sh chorke.org	dig MX shahed.biz dig TXT shahed.biz /opt/cli/spf-tools/despf.sh shahed.biz

dig MX finology-group.com dig TXT finology-group.com /opt/cli/spf-tools/despf.sh finology-group.com	dig MX finology.com.my dig TXT finology.com.my /opt/cli/spf-tools/despf.sh finology.com.my	dig MX coverplus.io dig TXT coverplus.io /opt/cli/spf-tools/despf.sh coverplus.io

cd /opt/cli/spf-tools;./despf.sh chorke.org \|./normalize.sh \|./simplify.sh \|./iprange.sh \|./mkblocks.sh \|./xsel.sh cd /opt/cli/spf-tools;./despf.sh chorke.org \|./normalize.sh \|./simplify.sh \|./iprange.sh \|./mkblocks.sh cd /opt/cli/spf-tools;./despf.sh chorke.org \|./normalize.sh \|./simplify.sh \|./iprange.sh

cd /opt/cli/spf-tools;\ cat <<'SPF'\| ./normalize.sh ip4:10.19.83.10/24 ip4:10.19.93.100/24 ip4:10.20.03.110/24 SPF	cd /opt/cli/spf-tools;\ cat <<'SPF'\| ./simplify.sh ip4:10.19.83.1 ip4:10.19.83.100 ip4:10.19.83.0/24 SPF	cd /opt/cli/spf-tools;\ ./despf.sh chorke.org ./despf.sh chorke.org\| \ ./iprange.sh

Tools » Install » DKIM

cat <<'EXE'\| sudo bash apt-get update;echo apt list -a --upgradable;echo apt-get install -y opendkim-tools;echo;apt-get clean EXE

opendkim-testkey -d coverplus.io -vvv -s s1 opendkim-testkey -d coverplus.io -vvv -s s2	opendkim-testkey -d loanplus.io -vvv -s s1 opendkim-testkey -d loanplus.io -vvv -s s2	opendkim-testkey -d loanstreet.com.my -vvv -s s1 opendkim-testkey -d loanstreet.com.my -vvv -s s2

opendkim-testkey -d finology.com.my -vvv -s fn opendkim-testkey -d finology.com.my -vvv -s google opendkim-testkey -d finology.com.my -vvv -s ritesh	opendkim-testkey -d chorke.org -vvv -s google opendkim-testkey -d finology.group -vvv -s mail opendkim-testkey -d finology-group.com -vvv -s google	opendkim-genkey -b 2048 -d chorke.org -s s1 opendkim-genkey -b 2048 -d chorke.org -s s2 opendkim-genkey -b 2048 -d chorke.org -s mail

DNS » Record » TXT » SPF

SPF TXT Record Format
v=spf1 [mechanism] [qualifier] [modifiers] ...

Mechanism	Example	Meaning
`ip4`	`ip4:192.0.2.1`	Allow a specific IPv4 address
`ip6`	`ip6:2001:db8::1`	Allow a specific IPv6 address
`a`	`a:example.com`	Allow IP from the A or AAAA record of domain
`mx`	`mx:example.com`	Allow mail servers listed in domain's MX records
`include`	`include:_spf.google.com`	Include SPF rules from another domain
`all`	`-all`, `~all`, `?all`, `+all`	Apply default rule to any unmatched sender

Qualifier	Meaning	Action	Usage
`+all`	Pass	Accept mail from any IP	☠️ Not recommended
`-all`	Hard fail	Reject non-matching IPs	✅ Strict enforcement
`~all`	Soft fail	Accept but mark as spam	👍 Recommended during rollout
`?all`	Neutral	No policy guidance	🤷 Rare, for undefined policies

Modifier	Description	Example
`redirect`	Redirect SPF check to another domain	`redirect=_spf.example.com`
`exp`	Explanation domain for failed SPF	`exp=explain.example.com`

Run a Composite Check:
- DMARCian » Domain Checker
- EasyDMARC » Email Security Check
Use SPF Flattening
- EasyDMARC » SPF Flattening
Manually
- Check for
  
  Proper -all ending
  
  Lookup count ≤ 10
  
  No multiple TXT records
  
  Only needed services included

DNS » Record » TXT » DKIM

Gmail » Google Workspace
Admin Console » Apps » Google Workspace » Gmail » Authenticate email » Selected domain » chorke.org » Generate New Record » Start Authentication

Twilio SendGrid
Sender Authentication » Domain Authentication » <id>.chorke.org » DNS Records » Manual Install » Verify

Playground

dig MX  chorke.org
dig TXT chorke.org
openssl s_client -connect mail.chorke.org:25

apt info   opendkim-tools
apt search opendkim-tools
sudo apt-get install -y opendkim-tools

sudo git clone https://github.com/jsarenik/spf-tools.git \
   /opt/cli/spf-tools
cd /opt/cli/spf-tools/

dig TXT s1.domainkey.u5967707.wl208.sendgrid.net
dig TXT s2.domainkey.u5967707.wl208.sendgrid.net

References

Security » Domain » DKIM » Explained Security » Domain » MX » Mail Tester Security » Domain » SPF » Flattening Security » Domain » DMARC » Email Security » Domain » DKIM » Core Security » Domain » SPF » Tools Security » Domain » DMARC Security » Domain » DKIM Security » Domain » SPF Security » Domain » MX	Security » Domain » SPF » `mail.finology.com.my` Security » Domain » SPF » `finology-group.com` Security » Domain » SPF » `finology.com.my` Security » Domain » SPF » `coverplus.io` Security » Domain » SPF » `chorke.com` Security » Domain » SPF » `chorke.org` Security » Domain » SPF » `shahed.biz`

Security » HTTP » Basic Authentication Security » OpenLDAP » BackSQL Security » Java » Key Store Security » Java » Mail API Security » Certificate Security » Password Security » ZA Proxy Security » Spring Security » HTTP Security » Java	Security » Certificate » TLS » Configuration Generator Security » SSH » Public Key Authentication Security » Certificate » TLS

Kubernetes Multipass Minikube Podman Vagrant Docker Qemu Helm K9s K8s	LXC » Alpine » Apache » PHP LXC » Alpine » Nginx » PHP LXC » Logrotate » Redhat Terraform Proxmox Kubectl Ansible CIDR UFW LXC	Docker/Compose/SFTP Git

Security/Domain

Contents

Tools » Install » SPF

Tools » Install » DKIM

DNS » Record » TXT » SPF

DNS » Record » TXT » DKIM

Playground

References

Navigation menu

Security/Domain

Tools » Install » SPF

Tools » Install » DKIM

DNS » Record » TXT » SPF

DNS » Record » TXT » DKIM

Playground

References

Navigation menu

Search