DKIM, DMARC, and (hard) SPF records on CiviCRM servers

TPA-RFC-44 emergency procedures (#40981 (closed)) was adopted, let's move on with the first step:

SPF (hard), DKIM and DMARC (soft) records on CiviCRM

Deploy DKIM signatures on outgoing mail on CiviCRM
Deploy a "soft" DMARC policy with postmaster@ as a reporting endpoint
Harden the SPF policy for to restrict it to the CRM servers and eugeni

This would be done immediately.

Edited Dec 06, 2022 by anarcat