From dd0e55c9d6a81f667fe8d8195e03a7a6087398d4 Mon Sep 17 00:00:00 2001
From: daragh <daraghdownes12@gmail.com>
Date: Thu, 19 Oct 2023 23:51:23 +0100
Subject: [PATCH] added dmarc policy- relaxed for now but can be made more
 strict if needed

---
 applications/email.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/applications/email.nix b/applications/email.nix
index 41c9b3b..b7b07bc 100644
--- a/applications/email.nix
+++ b/applications/email.nix
@@ -145,7 +145,11 @@ in {
       {
         record = "_dmarc.${cfg.domain}.";
         r_type = "TXT";
-        value = ''"v=DMARC1; p=none"'';
+        value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=r; aspf=r; sp=none"'';
+        #sp value which is left out , for different dmarc policy for subdomains
+        #quarantine = sends to spam, reject = never sent
+        #pct = percent of emails passed through dmarc, might want to be lower than 100 for testing
+        #adkim, aspf see https://support.google.com/a/answer/10032169#zippy=%2Cdmarc-record-tag-definitions-and-values
       }
 
       # reverse pointer