[HN Gopher] Tell HN: Make sure to configure DKIM/SPF with Fastmail
___________________________________________________________________
Tell HN: Make sure to configure DKIM/SPF with Fastmail
I've been using Fastmail since 2007, so I haven't touched the DNS
of several of my domains in years. All of my email has been getting
flagged as spam by GMail recently, and it's likely because I never
added DKIM/SPF records to my older domains. I know there are a
bunch of old Fastmail users here so figured I'd do a quick PSA
Author : whichdan
Score : 27 points
Date : 2022-03-27 20:27 UTC (2 hours ago)
| RKearney wrote:
| This is true of any mail service and is not at all unique to
| Fastmail.
| iamdamian wrote:
| Agreed, and thank you for the PSA.
|
| This hit me a week ago. After a friend let me know, configuring
| DKIM/SPF did the trick in minutes.
| johngalt wrote:
| Not unique to Fastmail. Any domain that sends email should have
| DKIM/SPF/DMARC. SPF is quickly becoming irrelevant, but it is an
| easy configuration item.
|
| Recommend mxtoolbox for validating configurations
| https://mxtoolbox.com/
|
| Specifically send a test email to ping@tools.mxtoolbox.com and it
| will advise you of your current settings.
|
| Dmarcian has good resources on DMARC specifically, and can act as
| an RUA report reader as a paid service.
| https://dmarcian.com/alignment/
| notacoward wrote:
| I noticed this recent change too. Deliberate degradation of
| service via competitors (Fastmail is objectively not a spam relay
| and I'm sure the folks at GMail know that) is just more fodder
| for the coming anti-trust case.
| TheSmiddy wrote:
| DKIM has been around for close to 2 decades now and fastmail
| has been rolling out out by default since 2009 [1]. This change
| only affects fastmail users who manage their own DNS rather
| than letting fastmail manage it and either set it up a very
| long time ago or chose not to implement all the recommended
| settings.
|
| Gmails changes are not deliberately affecting fastmail at all.
|
| [1] https://fastmail.blog/historical/all-outbound-email-now-
| bein...
| iamdamian wrote:
| I signed up for Fastmail only 9 years ago, and my email
| started being sent to spam just this week.
| walrus01 wrote:
| In general, never have an MX configured in your authoritative DNS
| zonefile without proper SPF and DKIM. Deliverability to outbound
| SMTP destinations will be very poor.
|
| Not fastmail specific.
| technion wrote:
| A side issue here is that if you don't have an MX record
| configured (say, you figured a domain isn't used for mail), it
| doesn't mean "we don't accept mail". You'll be surprised at how
| much spam ends up being directed at your apex A record, because
| according to the RFC that's where it goes in the absence of an
| MX record. Use
|
| MX 0 .
|
| For such domains.
| climb_stealth wrote:
| When you manage your domains through Fastmail it does it
| automatically. I certainly haven't had to configure it myself.
|
| There is a neat website to check your email settings that was on
| the HN front page earlier this year:
|
| https://www.learndmarc.com/
| janto wrote:
| Amusing :) Although I have to admit that I am even less sure
| after using that site. There doesn't seem to be an indication
| that DKIM "FAIL" in red is a good or bad thing after it
| attempted to spoof a domain I own. I assume it's good?
| climb_stealth wrote:
| Not sure, I can't say I'm super familiar with this. Which I
| guess is part of the reason I'm having it configured through
| Fastmail.
|
| This is the original submission where the link came from if
| it helps:
|
| https://news.ycombinator.com/item?id=29869266
| 2000UltraDeluxe wrote:
| Also add DMARC to the list aswell, and make sure to warm up the
| domain again once you're done.
| ivan_ah wrote:
| What does "warm up" mean in this case? Send a few emails?
|
| Also, what policy do you recommend fro DMARC: none, quarantine,
| or reject?
| johngalt wrote:
| DMARC: Set is as p=none and read your reports from the RUA
| tags.
|
| Once you are confident that all the legitimate mail is
| aligned, then go straight to p=reject. Many will recommend
| quarantine, but it's better to have an email bounce back
| immediately vs silently get lost in a spam folder. Outside of
| troubleshooting there isn't much use for P=Quarantine in
| DMARC or '~all' in SPF.
| boris-ning-usds wrote:
| This is what mailgun recommends for warming up email / email
| reputation. https://www.mailgun.com/blog/domain-warmup-
| reputation-stretc...
|
| If you're just starting out, start with none. Quarantine or
| reject needs to be carefully monitored over time.
| Amfy wrote:
| thanks
| basisword wrote:
| I know nothing about DKIM/SPF. Is there a reason this only
| applies to older Fastmail users?
| whichdan wrote:
| Originally, Fastmail only had you add MX records. The DKIM/SPF
| change was more recent (as in, sometime in the past 16 years :)
| due to changing standards around email deliverability.
___________________________________________________________________
(page generated 2022-03-27 23:01 UTC)