#dmarc — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #dmarc, aggregated by home.social.
-
4.8% of domains have broken SPF records
across 5.5M domains scanned, 4.8% have SPF records with lookup errors
- exceeding the 10-mechanism limit
- circular includes
- syntax errors
- or void lookupsthat's roughly 149,000 domains with SPF records that actively fail evaluation
their email authentication is worse than having no SPF at all, because a permerror result is treated differently than a "none" result by receiving MTAs
-
https://www.europesays.com/britain/35998/ UK SMEs better at email security than North America #AttackSurfaceManagement #Brokers #BusinessContinuity #BusinessEmailCompromise #Canada #CyberInsurance #CyberResilience #CyberRisk #Cybersecurity #DMARC #EmailSecurity #Infosec #ITGovernance #KYND #Patching #Phishing #Ransomware #RemoteAccess #Risk&Compliance #RiskManagement #SecurityPosture #SmallBusiness(SMB) #SpearPhishing #UK #UnitedKingdom #UnitedKingdom(UK) #UnitedStates(US)
-
How to Deploy #Mailman Suite on #Debian #VPS for Automated Mailing List Management This article provides a detailed step-by-step guide demonstrating how to deploy Mailman Suite on Debian VPS for automated mailing list management. Mailman Suite includes Mailman Core, #Postorius (web UI), #HyperKitty (archiver), and the Mailman Web UI integration.
What is Mailman Suite? ...
Continued 👉 https://blog.radwebhosting.com/deploy-mailman-suite-on-debian-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.raddemo.host #reverseproxy #opendkim #dkim #dmarc #opensource #selfhosted #selfhosting #spf #django -
How to Deploy #Mailman Suite on #Debian #VPS for Automated Mailing List Management This article provides a detailed step-by-step guide demonstrating how to deploy Mailman Suite on Debian VPS for automated mailing list management. Mailman Suite includes Mailman Core, #Postorius (web UI), #HyperKitty (archiver), and the Mailman Web UI integration.
What is Mailman Suite? ...
Continued 👉 https://blog.radwebhosting.com/deploy-mailman-suite-on-debian-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.raddemo.host #reverseproxy #opendkim #dkim #dmarc #opensource #selfhosted #selfhosting #spf #django -
How to Deploy #Mailman Suite on #Debian #VPS for Automated Mailing List Management This article provides a detailed step-by-step guide demonstrating how to deploy Mailman Suite on Debian VPS for automated mailing list management. Mailman Suite includes Mailman Core, #Postorius (web UI), #HyperKitty (archiver), and the Mailman Web UI integration.
What is Mailman Suite? ...
Continued 👉 https://blog.radwebhosting.com/deploy-mailman-suite-on-debian-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.raddemo.host #reverseproxy #opendkim #dkim #dmarc #opensource #selfhosted #selfhosting #spf #django -
ARC chain analyzer: trace authentication through forwarders.
email forwarding breaks DMARC.
when a message is forwarded through a mailing list or university relay, the original SPF alignment is lost.
ARC (Authenticated Received Chain, RFC 8617) preserves the authentication results across hops.
I built it because forwarding is the #1 source of false-positive DMARC failures.
-
ARC chain analyzer: trace authentication through forwarders.
email forwarding breaks DMARC.
when a message is forwarded through a mailing list or university relay, the original SPF alignment is lost.
ARC (Authenticated Received Chain, RFC 8617) preserves the authentication results across hops.
I built it because forwarding is the #1 source of false-positive DMARC failures.
-
ARC chain analyzer: trace authentication through forwarders.
email forwarding breaks DMARC.
when a message is forwarded through a mailing list or university relay, the original SPF alignment is lost.
ARC (Authenticated Received Chain, RFC 8617) preserves the authentication results across hops.
I built it because forwarding is the #1 source of false-positive DMARC failures.
-
How to Deploy #Mailman Suite on #Debian #VPS for Automated Mailing List Management This article provides a detailed step-by-step guide demonstrating how to deploy Mailman Suite on Debian VPS for automated mailing list management. Mailman Suite includes Mailman Core, #Postorius (web UI), #HyperKitty (archiver), and the Mailman Web UI integration.
What is Mailman Suite? ...
Continued 👉 https://blog.radwebhosting.com/deploy-mailman-suite-on-debian-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.raddemo.host #selfhosting #opensource #spf #selfhosted #opendkim #dmarc #dkim #django #reverseproxy -
How to Deploy #Mailman Suite on #Debian #VPS for Automated Mailing List Management This article provides a detailed step-by-step guide demonstrating how to deploy Mailman Suite on Debian VPS for automated mailing list management. Mailman Suite includes Mailman Core, #Postorius (web UI), #HyperKitty (archiver), and the Mailman Web UI integration.
What is Mailman Suite? ...
Continued 👉 https://blog.radwebhosting.com/deploy-mailman-suite-on-debian-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.raddemo.host #selfhosting #opensource #spf #selfhosted #opendkim #dmarc #dkim #django #reverseproxy -
How to Deploy #Mailman Suite on #Debian #VPS for Automated Mailing List Management This article provides a detailed step-by-step guide demonstrating how to deploy Mailman Suite on Debian VPS for automated mailing list management. Mailman Suite includes Mailman Core, #Postorius (web UI), #HyperKitty (archiver), and the Mailman Web UI integration.
What is Mailman Suite? ...
Continued 👉 https://blog.radwebhosting.com/deploy-mailman-suite-on-debian-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.raddemo.host #selfhosting #opensource #spf #selfhosted #opendkim #dmarc #dkim #django #reverseproxy -
named senders changed everything.
every platform shows you IPs.
I wanted to see names. Mailchimp, Google Workspace, Salesforce, SendGrid. not CIDR blocks.
so I built a sender identification system.
it maps IPs to known ESPs and cloud providers automatically.
when you look at your DMARC report in DMARCguard, you see "Mailchimp sent 4,200 messages, 98% aligned". not a wall of numbers.
-
named senders changed everything.
every platform shows you IPs.
I wanted to see names. Mailchimp, Google Workspace, Salesforce, SendGrid. not CIDR blocks.
so I built a sender identification system.
it maps IPs to known ESPs and cloud providers automatically.
when you look at your DMARC report in DMARCguard, you see "Mailchimp sent 4,200 messages, 98% aligned". not a wall of numbers.
-
named senders changed everything.
every platform shows you IPs.
I wanted to see names. Mailchimp, Google Workspace, Salesforce, SendGrid. not CIDR blocks.
so I built a sender identification system.
it maps IPs to known ESPs and cloud providers automatically.
when you look at your DMARC report in DMARCguard, you see "Mailchimp sent 4,200 messages, 98% aligned". not a wall of numbers.
-
MTA-STS: forcing TLS on your inbound mail.
SMTP was designed without encryption.
STARTTLS added opportunistic encryption, but it's trivially downgraded by a MITM stripping the STARTTLS response.
MTA-STS fixes this.
combined with TLS-RPT , you get reports when senders fail to establish TLS.
without TLS-RPT, MTA-STS enforcement is blind... you won't know when legitimate mail is being rejected due to certificate issues.
-
MTA-STS: forcing TLS on your inbound mail.
SMTP was designed without encryption.
STARTTLS added opportunistic encryption, but it's trivially downgraded by a MITM stripping the STARTTLS response.
MTA-STS fixes this.
combined with TLS-RPT , you get reports when senders fail to establish TLS.
without TLS-RPT, MTA-STS enforcement is blind... you won't know when legitimate mail is being rejected due to certificate issues.
-
MTA-STS: forcing TLS on your inbound mail.
SMTP was designed without encryption.
STARTTLS added opportunistic encryption, but it's trivially downgraded by a MITM stripping the STARTTLS response.
MTA-STS fixes this.
combined with TLS-RPT , you get reports when senders fail to establish TLS.
without TLS-RPT, MTA-STS enforcement is blind... you won't know when legitimate mail is being rejected due to certificate issues.
-
The protocol gap nobody talks about
most DMARC monitoring platforms cover 5-6 protocols
this isn't a feature gap. it's a visibility gap.
if your monitoring tool doesn't cover MTA-STS, you won't know when your transport encryption policy is being downgraded.
if it doesn't parse ARC chains, you can't trace authentication through forwarders.
9 protocols exist for a reason. each one covers a different attack surface.
-
The protocol gap nobody talks about
most DMARC monitoring platforms cover 5-6 protocols
this isn't a feature gap. it's a visibility gap.
if your monitoring tool doesn't cover MTA-STS, you won't know when your transport encryption policy is being downgraded.
if it doesn't parse ARC chains, you can't trace authentication through forwarders.
9 protocols exist for a reason. each one covers a different attack surface.
-
The protocol gap nobody talks about
most DMARC monitoring platforms cover 5-6 protocols
this isn't a feature gap. it's a visibility gap.
if your monitoring tool doesn't cover MTA-STS, you won't know when your transport encryption policy is being downgraded.
if it doesn't parse ARC chains, you can't trace authentication through forwarders.
9 protocols exist for a reason. each one covers a different attack surface.
-
12.8% enforcement: the real DMARC number
I see "DMARC adoption is growing" headlines everywhere
and sure, 30.4% of the 5.5M domains I scanned have a DMARC record
only 12.8% of those domains are at `p=quarantine` or `p=reject`
the rest sit at `p=none`
collecting reports, taking no action, providing no protection against spoofing
that means 87.2% of domains are either unprotected or watching attacks happen
-
12.8% enforcement: the real DMARC number
I see "DMARC adoption is growing" headlines everywhere
and sure, 30.4% of the 5.5M domains I scanned have a DMARC record
only 12.8% of those domains are at `p=quarantine` or `p=reject`
the rest sit at `p=none`
collecting reports, taking no action, providing no protection against spoofing
that means 87.2% of domains are either unprotected or watching attacks happen
-
12.8% enforcement: the real DMARC number
I see "DMARC adoption is growing" headlines everywhere
and sure, 30.4% of the 5.5M domains I scanned have a DMARC record
only 12.8% of those domains are at `p=quarantine` or `p=reject`
the rest sit at `p=none`
collecting reports, taking no action, providing no protection against spoofing
that means 87.2% of domains are either unprotected or watching attacks happen
-
your domain health in one check
the domain health check runs all 9 email authentication protocols against your domain in a single query
- SPF syntax
- DMARC policy
- DKIM selectors
- MTA-STS mode
- TLS-RPT reporting
- BIMI record
- DANE/TLSA
- and ARC chain validationrun the health check
one domain, 9 protocols, 30 seconds
no account required
-
your domain health in one check
the domain health check runs all 9 email authentication protocols against your domain in a single query
- SPF syntax
- DMARC policy
- DKIM selectors
- MTA-STS mode
- TLS-RPT reporting
- BIMI record
- DANE/TLSA
- and ARC chain validationrun the health check
one domain, 9 protocols, 30 seconds
no account required
-
your domain health in one check
the domain health check runs all 9 email authentication protocols against your domain in a single query
- SPF syntax
- DMARC policy
- DKIM selectors
- MTA-STS mode
- TLS-RPT reporting
- BIMI record
- DANE/TLSA
- and ARC chain validationrun the health check
one domain, 9 protocols, 30 seconds
no account required
-
why I built a 9-protocol platform!?
when I started building DMARCguard, every competitor I evaluated covered 5-6 protocols.
DMARC, SPF, DKIM... the basics.
but email authentication is a system of 9 interlocking protocols, and monitoring only half of them gives you a partial picture.
so I built coverage for all 9: DMARC, SPF, DKIM, BIMI, MTA-STS, TLS-RPT, ARC, DANE, and ARF.
that decision cost me speed but bought correctness.
-
why I built a 9-protocol platform!?
when I started building DMARCguard, every competitor I evaluated covered 5-6 protocols.
DMARC, SPF, DKIM... the basics.
but email authentication is a system of 9 interlocking protocols, and monitoring only half of them gives you a partial picture.
so I built coverage for all 9: DMARC, SPF, DKIM, BIMI, MTA-STS, TLS-RPT, ARC, DANE, and ARF.
that decision cost me speed but bought correctness.
-
why I built a 9-protocol platform!?
when I started building DMARCguard, every competitor I evaluated covered 5-6 protocols.
DMARC, SPF, DKIM... the basics.
but email authentication is a system of 9 interlocking protocols, and monitoring only half of them gives you a partial picture.
so I built coverage for all 9: DMARC, SPF, DKIM, BIMI, MTA-STS, TLS-RPT, ARC, DANE, and ARF.
that decision cost me speed but bought correctness.
-
SPF has a 10-lookup limit
RFC 7208 Section 4.6.4 is clear: SPF evaluation must not exceed 10 DNS mechanisms that cause lookups
exceed it and the result is permerror
meaning your SPF record is effectively invalid
every SaaS tool you authorize (Mailchimp, Salesforce, Zendesk) adds includes
the fix: flatten your record
replace nested includes with the resolved IP ranges
but those IPs change, so you need ongoing monitoring.
-
Microsoft Outlook enforcement is here
Microsoft started enforcing DMARC for outlook.com senders in May 2025
if you're still at p=none for domains sending to Outlook, Hotmail, or live.com recipients, your deliverability is already degrading
combined with Google/Yahoo rejecting non-compliant bulk senders since November 2025, the three largest consumer mailbox providers now enforce authentication
-
Microsoft Outlook enforcement is here
Microsoft started enforcing DMARC for outlook.com senders in May 2025
if you're still at p=none for domains sending to Outlook, Hotmail, or live.com recipients, your deliverability is already degrading
combined with Google/Yahoo rejecting non-compliant bulk senders since November 2025, the three largest consumer mailbox providers now enforce authentication
-
Microsoft Outlook enforcement is here
Microsoft started enforcing DMARC for outlook.com senders in May 2025
if you're still at p=none for domains sending to Outlook, Hotmail, or live.com recipients, your deliverability is already degrading
combined with Google/Yahoo rejecting non-compliant bulk senders since November 2025, the three largest consumer mailbox providers now enforce authentication
-
How to Deploy #Mailman Suite on #Debian #VPS for Automated Mailing List Management This article provides a detailed step-by-step guide demonstrating how to deploy Mailman Suite on Debian VPS for automated mailing list management. Mailman Suite includes Mailman Core, #Postorius (web UI), #HyperKitty (archiver), and the Mailman Web UI integration.
What is Mailman Suite? ...
Continued 👉 https://blog.radwebhosting.com/deploy-mailman-suite-on-debian-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social #opensource #reverseproxy #opendkim #selfhosted #spf #dmarc #dkim #selfhosting #django -
How to Deploy #Mailman Suite on #Debian #VPS for Automated Mailing List Management This article provides a detailed step-by-step guide demonstrating how to deploy Mailman Suite on Debian VPS for automated mailing list management. Mailman Suite includes Mailman Core, #Postorius (web UI), #HyperKitty (archiver), and the Mailman Web UI integration.
What is Mailman Suite? ...
Continued 👉 https://blog.radwebhosting.com/deploy-mailman-suite-on-debian-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social #opensource #reverseproxy #opendkim #selfhosted #spf #dmarc #dkim #selfhosting #django -
How to Deploy #Mailman Suite on #Debian #VPS for Automated Mailing List Management This article provides a detailed step-by-step guide demonstrating how to deploy Mailman Suite on Debian VPS for automated mailing list management. Mailman Suite includes Mailman Core, #Postorius (web UI), #HyperKitty (archiver), and the Mailman Web UI integration.
What is Mailman Suite? ...
Continued 👉 https://blog.radwebhosting.com/deploy-mailman-suite-on-debian-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social #opensource #reverseproxy #opendkim #selfhosted #spf #dmarc #dkim #selfhosting #django -
How to Deploy #Mailman Suite on #Debian #VPS for Automated Mailing List Management This article provides a detailed step-by-step guide demonstrating how to deploy Mailman Suite on Debian VPS for automated mailing list management. Mailman Suite includes Mailman Core, #Postorius (web UI), #HyperKitty (archiver), and the Mailman Web UI integration.
What is Mailman Suite? ...
Continued 👉 https://blog.radwebhosting.com/deploy-mailman-suite-on-debian-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social #opensource #reverseproxy #opendkim #selfhosted #spf #dmarc #dkim #selfhosting #django -
Кто на чём шлёт и принимает почту: измеряем email-инфраструктуру 660 тысяч доменов из Tranco top-1M
Анализ DNS-снэпшота OpenINTEL за 2026-01-01 TL;DR. Используя ежедневные DNS-снэпшоты OpenINTEL поверх списка Tranco top-1M, мы собрали ландшафт email-инфраструктуры публичного веба на 1 января 2026 года. MX-записи опубликовали 660 114 доменов, SPF — 616 352, DMARC — 431 133. Дуополия Google Workspace (21.7%) + Microsoft 365 (16.3%) занимает суммарно ~38% receiving-стороны — заметно меньше, чем принято считать в популярных обзорах. На outbound-стороне Amazon SES вышел вперёд по числу авторизованных доменов (5.86%), обогнав SendGrid (4.66%). DMARC опубликован у двух третей SPF-доменов, но 19% всех DMARC-записей — это пустая v=DMARC1; p=none; без отчётов: формальная галочка, а не защита.
https://habr.com/ru/articles/1030770/
#email #DMARC #SPF #MX #OpenINTEL #Tranco #deliverability #emailаутентификация #DNSаналитика #ESP
-
Кто на чём шлёт и принимает почту: измеряем email-инфраструктуру 660 тысяч доменов из Tranco top-1M
Анализ DNS-снэпшота OpenINTEL за 2026-01-01 TL;DR. Используя ежедневные DNS-снэпшоты OpenINTEL поверх списка Tranco top-1M, мы собрали ландшафт email-инфраструктуры публичного веба на 1 января 2026 года. MX-записи опубликовали 660 114 доменов, SPF — 616 352, DMARC — 431 133. Дуополия Google Workspace (21.7%) + Microsoft 365 (16.3%) занимает суммарно ~38% receiving-стороны — заметно меньше, чем принято считать в популярных обзорах. На outbound-стороне Amazon SES вышел вперёд по числу авторизованных доменов (5.86%), обогнав SendGrid (4.66%). DMARC опубликован у двух третей SPF-доменов, но 19% всех DMARC-записей — это пустая v=DMARC1; p=none; без отчётов: формальная галочка, а не защита.
https://habr.com/ru/articles/1030770/
#email #DMARC #SPF #MX #OpenINTEL #Tranco #deliverability #emailаутентификация #DNSаналитика #ESP
-
Кто на чём шлёт и принимает почту: измеряем email-инфраструктуру 660 тысяч доменов из Tranco top-1M
Анализ DNS-снэпшота OpenINTEL за 2026-01-01 TL;DR. Используя ежедневные DNS-снэпшоты OpenINTEL поверх списка Tranco top-1M, мы собрали ландшафт email-инфраструктуры публичного веба на 1 января 2026 года. MX-записи опубликовали 660 114 доменов, SPF — 616 352, DMARC — 431 133. Дуополия Google Workspace (21.7%) + Microsoft 365 (16.3%) занимает суммарно ~38% receiving-стороны — заметно меньше, чем принято считать в популярных обзорах. На outbound-стороне Amazon SES вышел вперёд по числу авторизованных доменов (5.86%), обогнав SendGrid (4.66%). DMARC опубликован у двух третей SPF-доменов, но 19% всех DMARC-записей — это пустая v=DMARC1; p=none; без отчётов: формальная галочка, а не защита.
https://habr.com/ru/articles/1030770/
#email #DMARC #SPF #MX #OpenINTEL #Tranco #deliverability #emailаутентификация #DNSаналитика #ESP
-
Кто на чём шлёт и принимает почту: измеряем email-инфраструктуру 660 тысяч доменов из Tranco top-1M
Анализ DNS-снэпшота OpenINTEL за 2026-01-01 TL;DR. Используя ежедневные DNS-снэпшоты OpenINTEL поверх списка Tranco top-1M, мы собрали ландшафт email-инфраструктуры публичного веба на 1 января 2026 года. MX-записи опубликовали 660 114 доменов, SPF — 616 352, DMARC — 431 133. Дуополия Google Workspace (21.7%) + Microsoft 365 (16.3%) занимает суммарно ~38% receiving-стороны — заметно меньше, чем принято считать в популярных обзорах. На outbound-стороне Amazon SES вышел вперёд по числу авторизованных доменов (5.86%), обогнав SendGrid (4.66%). DMARC опубликован у двух третей SPF-доменов, но 19% всех DMARC-записей — это пустая v=DMARC1; p=none; без отчётов: формальная галочка, а не защита.
https://habr.com/ru/articles/1030770/
#email #DMARC #SPF #MX #OpenINTEL #Tranco #deliverability #emailаутентификация #DNSаналитика #ESP
-
How to Deploy #Mailman Suite on #Debian #VPS for Automated Mailing List Management This article provides a detailed step-by-step guide demonstrating how to deploy Mailman Suite on Debian VPS ... Continued 👉 #opendkim #django #dkim #selfhosting #opensource #selfhosted #spf #dmarc #reverseproxy
-
How to Deploy #Mailman Suite on #Debian #VPS for Automated Mailing List Management This article provides a detailed step-by-step guide demonstrating how to deploy Mailman Suite on Debian VPS ... Continued 👉 #opendkim #django #dkim #selfhosting #opensource #selfhosted #spf #dmarc #reverseproxy
-
month one. here's exactly what I've shared and what's coming next.
thirty-one days
no sales pitches
what I covered:
- DMARC enforcement gaps (12.8% adoption)
- SPF lookup limits (2.7% error rate)
- DKIM alignment failures
- ARC chain analysisand
- MTA-STS transport security
- DANE certificate pinning
- BIMI brand displayevery tool I mentioned is free at dmarcguard.io/tools/
no account, no credit card, no trial expiration
-
month one. here's exactly what I've shared and what's coming next.
thirty-one days
no sales pitches
what I covered:
- DMARC enforcement gaps (12.8% adoption)
- SPF lookup limits (2.7% error rate)
- DKIM alignment failures
- ARC chain analysisand
- MTA-STS transport security
- DANE certificate pinning
- BIMI brand displayevery tool I mentioned is free at dmarcguard.io/tools/
no account, no credit card, no trial expiration
-
month one. here's exactly what I've shared and what's coming next.
thirty-one days
no sales pitches
what I covered:
- DMARC enforcement gaps (12.8% adoption)
- SPF lookup limits (2.7% error rate)
- DKIM alignment failures
- ARC chain analysisand
- MTA-STS transport security
- DANE certificate pinning
- BIMI brand displayevery tool I mentioned is free at dmarcguard.io/tools/
no account, no credit card, no trial expiration
-
ARF, Abuse Reporting Format (RFC 5965) standardizes how mailbox providers report abuse back to senders
when a recipient marks your email as spam, ARF sends a structured report to the address in your abuse contact
combined with DMARC aggregate (rua) and forensic (ruf) reports, ARF completes the picture:
- authentication status
- delivery failures
- and recipient complaints -
ARF, Abuse Reporting Format (RFC 5965) standardizes how mailbox providers report abuse back to senders
when a recipient marks your email as spam, ARF sends a structured report to the address in your abuse contact
combined with DMARC aggregate (rua) and forensic (ruf) reports, ARF completes the picture:
- authentication status
- delivery failures
- and recipient complaints -
ARF, Abuse Reporting Format (RFC 5965) standardizes how mailbox providers report abuse back to senders
when a recipient marks your email as spam, ARF sends a structured report to the address in your abuse contact
combined with DMARC aggregate (rua) and forensic (ruf) reports, ARF completes the picture:
- authentication status
- delivery failures
- and recipient complaints -
How to Deploy #Mailman Suite on #Debian #VPS for Automated Mailing List Management This article provides a detailed step-by-step guide demonstrating how to deploy Mailman Suite on Debian VPS for automated mailing list management. Mailman Suite includes Mailman Core, #Postorius (web UI), #HyperKitty (archiver), and the Mailman Web UI integration.
What is Mailman Suite? ...
Continued 👉 https://blog.radwebhosting.com/deploy-mailman-suite-on-debian-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.raddemo.host #dkim #opendkim #selfhosting #dmarc #reverseproxy #opensource #selfhosted #django #spf