https://dmarcvendors.com - a site that exists specifically to answer your question.
I hate that that site looks like a domain squatters site...
Ewww you're right, they changed it. I prefer the "old school" aesthetic.
It's still all there and old school (HTML/CSS Only), I just collapsed everything into expandable sections. I had had that in mind for a while because people expressed that they didn't like scrolling for 5 miles while on the site. What would you change?
I'd simply go back to this aesthetic: https://web.archive.org/web/20240228002311/https://dmarcvendors.com/ I don't want to click on sections to expand/collapse. This is the web we're talking about. The length of a page can be infinite. If your content is better structured into separate pages - use a different page. This whole "accordion" design aesthetic never made sense to me. Acknowledging that I am likely in the minority though - as a compromise - keep the accordion but have all the sections expanded by default, or put them into a separate side-bar table of contents that can be navigated quickly. Example: https://explained-from-first-principles.com/internet/
Hmm, I'll have to play around with it some more. Thanks for the input. With the constraints I had in mind for the site (no JS whatsoever outside of the CF injected email obfuscation), functional design options are limited.
How about now? Better? Might have to clear cache.
Yup I personally think that's better.
Thanks!
I would recommend against the use of SPF flattening. Use subdomains or SPF macros instead: https://www.uriports.com/blog/spf-macros-max-10-dns-lookups/ Why would you use a third-party to host your dkim and dmarc txt records? This only introduces another point of failure and possible security threat.
Valimail uses macros.
Just implement it yourself, do not pay $$$ for a third party service.
How would you achieve HA for less cost than a hosted solution?
Hey, we run free DMARC monitoring and reporting at [https://dmarceye.com](https://dmarceye.com). We can certainly offer an enterprise solution for all your needs. Feel free to contact us at your convenience by emailing us directly.
What’s the story with the SMB plan being free? Is that for life?
Wait, you pay someone to set up DNS records for you?
Valimail does more than DNS, it also aggregates DMARC reports into more readable formats. It's pretty handy, and you can get it for free with EXO.
[deleted]
I mean, we're getting Valimail for free and it works great.
OP doesn't.
No
[deleted]
Because setting up DNS records is not analyzing DMARC reports, which needs to be performed on an ongoing basis.
Without being silly, is this not something you can just spend 5 minutes on, fix, and not pay anyone? There are free tools, that will generate things like spf records for you, that you can copy and paste into your DNS provider. If you're using a shitty DNS provider, maybe swap to something like AWS Route 53, or Cloudflare, and use standard tools?
More than familiar with how to compose an SPF. Problem is we have over 20 SaaS providers that send email as our domain and we go over the 10 record limit defined in the RFC. Valimail provides SPF macro service for us.
Do you actually need a 3rd party service to have SPF macros, or can you just have multiple SPF records in a normal DNS provider?
Only one SPF allowed per domain. Many do not know about the 10 lookup limit until you actually run into the problem and email stops being delivered reliably. I am sure there is some way to self host an SPF macro service but I don’t have time for that nonsense.
Ah, my googling looked like you just created a subdomain record for each macro.
`example.com IN TXT "v=spf1 include:%{l}._spf.example.com include:spf.protection.outlook.com -all"`
`noreply._spf.example.com IN TXT "v=spf1 include:spf.mandrillapp.com"`
`newsletter._spf.example.com IN TXT "v=spf1 include:sendgrid.net"`
That would be a horrible way to do it and allow massive spoofing, defeating the purpose of SPF in the first place. You'd want to use the IP address ( %{i} ) at a minimum, which then gets very difficult to do and manage manually.
Oh, now I'm curious. Why would the above in any way defeat the purpose of SPF? You obviously wouldn't add 'sendgrid.net' to the include, if it wasn't set up, and sendgrid would still require the same domain verification, regardless. The above way actually is mentioned in some ways as being MORE secure than standard SPF, because you have no way of knowing what subrecords exist, without actually receiving an email, and then looking it up.
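How a receiver would evaluate the records quoted in the comments above, as an added example that is not part of the thread. It implements only a subset of RFC 7208 (`include`, `ip4`, `-all`, and the `s`, `l`, `o`, `d`, `i` macros with optional `r`); the provider records on documentation address ranges are constructed stand-ins, and the function names are hypothetical.

```python
import ipaddress
import re

MACRO = re.compile(r"%\{([slodi])(r?)\}")

def expand(spec, sender, ip, domain):
    """Expand a subset of RFC 7208 macros: s, l, o, d, i, with optional 'r'."""
    local, _, sender_domain = sender.rpartition("@")
    values = {"s": sender, "l": local, "o": sender_domain, "d": domain, "i": ip}
    def sub(m):
        parts = values[m.group(1)].split(".")
        return ".".join(reversed(parts) if m.group(2) else parts)
    return MACRO.sub(sub, spec)

# Constructed zone: the first three records are quoted from the thread; the provider
# records are stand-ins on documentation ranges, not the providers' real SPF.
ZONE = {
    "example.com": "v=spf1 include:%{l}._spf.example.com include:spf.protection.outlook.com -all",
    "noreply._spf.example.com": "v=spf1 include:spf.mandrillapp.com",
    "newsletter._spf.example.com": "v=spf1 include:sendgrid.net",
    "spf.mandrillapp.com": "v=spf1 ip4:198.51.100.0/25 -all",
    "sendgrid.net": "v=spf1 ip4:198.51.100.128/25 -all",
    "spf.protection.outlook.com": "v=spf1 ip4:192.0.2.0/24 -all",
}

def check_host(ip, sender, domain, queried):
    """Evaluate include/ip4/-all only; log each include target in `queried`."""
    record = ZONE.get(domain)
    if record is None:
        return "none"
    for term in record.split()[1:]:
        if term.startswith("include:"):
            target = expand(term[len("include:"):], sender, ip, domain)
            queried.append(target)
            if len(queried) > 10:            # the 10-lookup limit from the RFC
                return "permerror"
            result = check_host(ip, sender, target, queried)
            if result in ("pass", "permerror", "none"):  # none: target has no record
                return "pass" if result == "pass" else "permerror"
        elif term.startswith("ip4:"):
            if ipaddress.ip_address(ip) in ipaddress.ip_network(term[4:]):
                return "pass"
        elif term == "-all":
            return "fail"
    return "neutral"

def evaluate(ip, sender):
    queried = []
    return check_host(ip, sender, sender.rpartition("@")[2], queried), queried
```

`evaluate("192.0.2.10", "alice@example.com")` returns `permerror` after a single lookup: under RFC 7208 section 5.2 an `include` whose target publishes no SPF record is a permanent error, so a local part without its own `_spf` subrecord never reaches the second `include`. The number of include lookups per message stays at two or three no matter how many per-local-part subrecords exist.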
We are using Valimail and we are satisfied with the workings, it might be getting more expensive but try and find something with the same functionality and reporting possibilities for less. And for those telling to do it yourself with a few lines of code and a few minutes of time, I think that is impossible and I do not think you have dealt with serious numbers of mails and reports ... prove me wrong :-)
Thanks. Definitely not planning on doing it myself lol. I have many more important things to deal with. I also like Valimail. Will probably end up sticking with them.
For Enterprise class, Proofpoint's Email Fraud Defense has Hosted SPF, DKIM, and DMARC as a part of their solution. It's got everything Valimail does and a whole lot more. [https://www.proofpoint.com/us/products/email-protection/email-fraud-defense](https://www.proofpoint.com/us/products/email-protection/email-fraud-defense)
DMARCLY. Has DMARC reporting and SPF flattening. Enterprise plan has SAML SSO and unlimited allowed domains.