hilltothesouth
Forum Replies Created
@asabo @firstfitnut @chanecullens
I see this thread hasn’t been replied to in more than a month, so I’ll tell you what I’ve learned.
After sending one of their support engineers some sample emails from my domain that failed SPF alignment, this is the response I got back:
I talked to our devs about it and I confirmed that we do not provide SPF alignment with our Sending Service so what you are seeing is expected and it shouldn’t be an issue.
MailPoet Technical Support
Because of this, I decided to forego using SPF at all, since DMARC requires only one of SPF and DKIM to pass anyway. So I set up DKIM with the Sending Service, and set my SPF policy to the following:
v=spf1 ?all
This means that all IP addresses neither pass nor fail SPF (neutral result). This essentially forces DMARC checks to rely exclusively on DKIM alignment, which works perfectly fine with the Sending Service.
DKIM also works better when emails are forwarded anyway, so I think this is ultimately a better setup, with or without the Sending Service.
Thanks to MailPoet Support for taking time from their devs to answer this question for us free tier users.
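How a receiver arrives at the outcome described in the post above, as an added example that is not part of the original post or MailPoet's code: a simplified DMARC identifier-alignment check run over a few constructed messages. The domains are placeholders, and the organizational-domain rule (last two labels) is an assumption standing in for the Public Suffix List.

```python
# Added example: simplified DMARC identifier alignment (RFC 7489).
# All domains are constructed placeholders, not taken from the post.

def org_domain(domain):
    # Assumption: organizational domain = last two labels.
    # A real evaluator consults the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if strict else org_domain(a) == org_domain(f)

def dmarc_evaluate(from_domain, spf_result, mail_from, dkim_sigs,
                   aspf="r", adkim="r"):
    """dkim_sigs: list of (d= domain, verification result) tuples."""
    # SPF only counts when it passes AND the MAIL FROM domain aligns.
    spf_ok = spf_result == "pass" and aligned(mail_from, from_domain, aspf == "s")
    # DKIM counts when any valid signature's d= domain aligns.
    dkim_ok = any(res == "pass" and aligned(d, from_domain, adkim == "s")
                  for d, res in dkim_sigs)
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if spf_ok or dkim_ok else "fail"}

def sample_cases():
    frm = "example.org"  # constructed header From domain
    return {
        # Service's bounce domain passes SPF but does not align; no own DKIM.
        "service_spf_only": dmarc_evaluate(
            frm, "pass", "bounces.sender.example", [("sender.example", "pass")]),
        # Same mail once DKIM is signed with d=example.org.
        "service_with_dkim": dmarc_evaluate(
            frm, "pass", "bounces.sender.example", [("example.org", "pass")]),
        # MAIL FROM on own domain with "v=spf1 ?all": SPF result is neutral.
        "neutral_spf_with_dkim": dmarc_evaluate(
            frm, "neutral", "example.org", [("example.org", "pass")]),
        # Forwarded mail: SPF fails at the forwarder's IP, DKIM still verifies.
        "forwarded": dmarc_evaluate(
            frm, "fail", "example.org", [("example.org", "pass")]),
        # Strict DKIM alignment rejects a subdomain signature.
        "strict_subdomain": dmarc_evaluate(
            frm, "neutral", "example.org", [("mail.example.org", "pass")],
            adkim="s"),
    }

if __name__ == "__main__":
    for name, result in sample_cases().items():
        print(f"{name:24} {result}")
```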
Sure, @geraltrivia (hey, nice username). Is there any way I can send that information to you in private? Let’s just say I’m a bit paranoid about posting information publicly.
Thanks.
HSTS and/or Upgrade-Insecure-Requests should probably be available for the free version.
X-XSS-Protection too.
And these secure cookie settings:
https://really-simple-ssl.com/secure-cookies-with-httponly-secure-and-use_only_cookies/
I think these basic security features that should be enabled on every website should not be behind a paywall.