Ruaphoc @mstdn.games Cyberpunk 2077, Cities Skylines, Kerbal Space Program, Gadgets, Tech Repairs, 3D Printing, Linux OS, Cybersecurity.
Posts 0
Comments 1
Important reminder, if you own a domain name and don't use it for sending email.
While you are securing your domain, 3 more good ideas:
-
Enable DNSSEC. This will sign the dns query responses to help ensure your DKIM and TLSA can be trusted.
-
Configure CAA records with only your TLS certificate issuer so any other certificates are not trusted.
-
Configure DANE TLSA records with a hash of the public keys for your email server and websites. Also be sure to configure the βmta-sts.@β subdomain to serve the correct text file. This will provide an additional chain of trust for your email server (and websites server).