DKIM, DMARC, and (hard) SPF records on CiviCRM servers

TPA-RFC-44 emergency procedures (#40981 (closed)) was adopted, let's move on with the first step:

SPF (hard), DKIM and DMARC (soft) records on CiviCRM

1. Deploy DKIM signatures on outgoing mail on CiviCRM

2. Deploy a "soft" DMARC policy with postmaster@ as a reporting endpoint

3. Harden the SPF policy for to restrict it to the CRM servers and eugeni

This would be done immediately.