Harden DMARC and SPF rules

Hopefully people still get my emails...
2022-09-22 21:26:26 +01:00 · 2022-09-22 21:26:26 +01:00 · 8c1f088b19
commit 8c1f088b19
parent 6268c0f451
2 changed files with 6 additions and 6 deletions
--- a/terraform/jakehoward.tech.tf
+++ b/terraform/jakehoward.tech.tf
@ -23,7 +23,7 @@ resource "cloudflare_record" "jakehowardtech_mx2" {
 resource "cloudflare_record" "jakehowardtech_txt" {
  zone_id = cloudflare_zone.jakehowardtech.id
  name    = "@"
-  value   = "v=spf1 include:spf.messagingengine.com ~all"
+  value   = "v=spf1 include:spf.messagingengine.com -all"
  type    = "TXT"
  ttl     = 1
 }
@ -55,7 +55,7 @@ resource "cloudflare_record" "jakehowardtech_dkim_fm3" {
 resource "cloudflare_record" "jakehowardtech_dmarc" {
  zone_id = cloudflare_zone.jakehowardtech.id
  name    = "_dmarc"
-  value   = "v=DMARC1; p=quarantine; rua=mailto:dmarc-report@jakehoward.tech;"
+  value   = "v=DMARC1; pct=100; p=quarantine; rua=mailto:dmarc-report@jakehoward.tech;"
  type    = "TXT"
  ttl     = 1
 }
@ -167,7 +167,7 @@ resource "cloudflare_record" "jakehowardtech_auth" {
 resource "cloudflare_record" "jakehowardtech_mailgun_spf" {
  zone_id = cloudflare_zone.jakehowardtech.id
  name    = "mg"
-  value   = "v=spf1 include:mailgun.org ~all"
+  value   = "v=spf1 include:mailgun.org -all"
  type    = "TXT"
  ttl     = 1
 }
--- a/terraform/theorangeone.net.tf
+++ b/terraform/theorangeone.net.tf
@ -47,7 +47,7 @@ resource "cloudflare_record" "theorangeonenet_mx2" {
 resource "cloudflare_record" "theorangeonenet_spf" {
  zone_id = cloudflare_zone.theorangeonenet.id
  name    = "@"
-  value   = "v=spf1 include:spf.messagingengine.com ~all"
+  value   = "v=spf1 include:spf.messagingengine.com -all"
  type    = "TXT"
  ttl     = 1
 }
@ -79,7 +79,7 @@ resource "cloudflare_record" "theorangeonenet_dkim_fm3" {
 resource "cloudflare_record" "theorangeonenet_dmarc" {
  zone_id = cloudflare_zone.theorangeonenet.id
  name    = "_dmarc"
-  value   = "v=DMARC1; p=quarantine; rua=mailto:dmarc-report@jakehoward.tech;"
+  value   = "v=DMARC1; pct=100; p=quarantine; rua=mailto:dmarc-report@jakehoward.tech;"
  type    = "TXT"
  ttl     = 1
 }
@ -232,7 +232,7 @@ resource "cloudflare_record" "theorangeonenet_commento" {
 resource "cloudflare_record" "theorangeonenet_mailgun_spf" {
  zone_id = cloudflare_zone.theorangeonenet.id
  name    = "mg"
-  value   = "v=spf1 include:mailgun.org ~all"
+  value   = "v=spf1 include:mailgun.org -all"
  type    = "TXT"
  ttl     = 1
 }