How to set up DKIM?

Dkf

I received two keys, an open key and a private key, from the easydmarc service.

I need to add the open key as a DNS TXT record.

But where should I add the private key? In Xenforo or somewhere on the server?

"Private key You must enter this key in your DKIM signer. It must be kept secret, as anyone with access to it can stamp tokens pretending to be you" - I didn't understand this...
Please help me.

Thank you.
 
Are you on the cloud hosting or are you in a self-hosted environment?
Usually DKIM keys are entered (from my experience with self-hosting) at the DNS level. None of the services I use (Amazon SES and ZOHO email) require me to enter any DKIM data into XF itself.
For me, due to my use instance... I don't have DKIM enabled in the ACP and get excellent delivery.

Screen Shot 2023-05-04 at 5.44.23 AM.png

The only hit I get is because the Amazon SES IP is listed in SORBS... something I have no control over. Yes, I could get a private IP for my Amazon SES account, but honestly, it does not affect overall deliverability in an over-arching manner.

The DKIM method used is probably more useful for a shared hosting environment, but I'm sure @Chris D may be able to add more to the discussion for the need of it.
 
DKIM data into XF itself.

We allow DKIM information to be set in XenForo and passed via the mail handler if you are self-sending emails from your server and not passing it off to a 3rd party. If you are using a 3rd party you obviously set it via the DNS so lookups to the record show that you've authorized that 3rd party to send mail on your behalf.
 
I received two keys, an open key and a private key, from the easydmarc service.

I need to add the open key as a DNS TXT record.

But where should I add the private key? In Xenforo or somewhere on the server?

"Private key You must enter this key in your DKIM signer. It must be kept secret, as anyone with access to it can stamp tokens pretending to be you" - I didn't understand this...
Please help me.

Thank you.


Go to Admin CP > Options > Mail > Advanced > Enable DKIM.

The records to set in your DNS will be provided automatically.

I have not used the easydmarc service so not sure if they require their specific keys to be used but the records provided by XenForo should work regardless.
 
We allow DKIM information to be set in XenForo and passed via the mail handler if you are self-sending emails from your server and not passing it off to a 3rd party. If you are using a 3rd party you obviously set it via the DNS so lookups to the record show that you've authorized that 3rd party to send mail on your behalf.
Thanks for the reply... I'm sure many cloud users, and even some shared hosting (who don't review the documents) will appreciate it.
As for "cloud" use, I'm pretty sure that will apply, but for many that use shared hosting/VPS/3rd party options for sending, it's somewhat questionable as to what is needed.
It's a welcome acknowledgement that those that use 3rd party services (such as Amazon SES) need to pursue different courses.
I honestly have not checked ANY of the cloud documentation, so as a simple dumb user of the base script I can only fall back to that. ;)
I do know that long ago, trying to figure out how to get reliable email delivery by XF was like chasing cats in a box occupied by numerous puppies.
And honestly, my decision to utilize Amazon SES pretty much put shut to any issues I had... and honestly.. unless you are GiNormous in your site size... it's not an unreasonable cost to send reliable email to your members. And if you are actually large enough that it's an issue.. you should easily be able to monetize your site to off-set it.
 
I honestly have not checked ANY of the cloud documentation

XenForo Cloud mail is signed by us as it passes through our mail server.

And honestly, my decision to utilize Amazon SES pretty much put shut to any issues I had... and honestly.. unless you are GiNormous in your site size... it's not an unreasonable cost to send reliable email to your members.

A lot of providers (Apple I believe are a big issue for this) now will reject non signed mail, or send it to junk regardless of site size nowadays. So even small hobby sites realistically need a way to sign those outgoing mails to ensure basic deliverability.
 
A lot of providers (Apple I believe are a big issue for this) now will reject non signed mail, or send it to junk regardless of site size nowadays. So even small hobby sites realistically need a way to sign those outgoing mails to ensure basic deliverability.
Oh, I think if you check back on my post history... I'm VERY forward about how DKIM is an integral part of getting good mail delivery. ;)
It (along with SPF and DMARC, never mind RDNS) are very important parts of reliable email delivery... we won't even get into the aspect of your sending MTA having a crap IP history (which many shared hosting clients face).
If one is going to host via VPS/Dedicated, and actually send email from their site (if in the case of a dedicated server by a VPS instance with a dedicated IP or with a separate VPS) then one has to simply make sure that IP IS clean and STAYS clean.
It's WELL more work than most are willing to engage in.. so it's frequently easier to obtain an outside service to send your email... but even then that is NOT guaranteed... as a simple case of my Amazon SES sending (since it's a shared IP)
The ONLY issue I have is because I use a shared Amazon SES IP and it's apparently been used by others to send crap.

Screen Shot 2023-05-04 at 8.05.29 AM.png
Overall I'm not that unhappy with my 3rd party delivery ranking.

Screen Shot 2023-05-04 at 8.09.40 AM.png

Pretty sure I do as well as (if not more so) than many XF cloud sites.


Yes, I could narrow it down and use a dedicated IP for SES and get it to a 10, but for my traffic level, I can't justify that... my email still gets delivered, even to Hotmail
 
It (along with SPF and DMARC, never mind RDNS)
Never mind RDNS? Well not as a user on shared hosting, but for sure if you will get your own ip for your hosting or if you are running things on your own VPS or something.
In that case rDNS is even more important than DMARC.
 
Never mind RDNS?
Yes, it's important... but not earth shattering.... DMARC/SPF/DKIM are higher priority.
I think you got confused with the way of the phrasing... rDNS is also important..... but the others are even more so.
I've used several VPS providers that did not allow you to set the RDNS for the VM instance.... but those DKIM/DMARC/SPF can be done by ANYONE and HAVE to be done to get reliable email delivery.
rDNS is simply one more layer that provides authentication to the server, but it is of a lower priority than the listed 3 as it usually already exists and was set by your VPS provider when that IP was issued. Even the dedicated servers I had in the past had an existing rDNS configured (fitting their naming structure) by the provider that I could change to what I wanted.
Your site (on a VPS) may (and probably does) have the rDNS already configured by your hosting provider, with no ability for you to change it to fit whatever you have "named" your server.... and that's why I said rDNS is not as important, as usually it already exists and needs no input from the end user to configure.
 
Yes, it's important... but not earth shattering.... DMARC/SPF/DKIM are higher priority.
Certainly not if you run your own vps or server. then SPF/DKIM/DMARC is lower priority for sure.

I'm not confused, I'm assured that it's this way as it's my job. And I do see mails get refused because they get a high score (which raises the spam score) due to the fact that no rDNS is present nowadays. Just because too much spam is coming through, this got very important.

Mail will not get refused or get a high score by a lack of DMARC, especially not if SPF and DKIM is already present.
Next to that, having DMARC can even be worse on forwards. So DMARC is certainly not a required thing, it's good, but not in any case and it does NOT provide reliable email delivery as there is more chance of it going wrong on forwards of mails.
And most users even don't have a clue on setting up a good SPF and DMARC policy, and with things set to "none" you can just as well leave it out.
So no not anyone can do it. I've seen people reading about it and then creating a DMARC while not even having a DKIM record, which is a requirement for having DMARC. It's not just that plug and play easy as you make it out to be. Anyone can do it, but not anyone can do it that easy the correct way with the correct policies.

rDNS is simply one more layer that provides authentication to the server, but it is of a lower priority than the listed 3
You're absolutely wrong about this. If you can't have a rDNS setup through the control panel of your VPS or through the company providing the VPS then it's CRAPPY provider and you should get away from there. Read the professional panel forums, it's happening all the time mail gets refused because lack of the rDNS/PTR record. You can wait for it to happen.

Again, on shared hosting rdns doesn't matter as the provider will already have set this up, so nobody has to care about it.

and that's why I said rDNS is not as important, as usually it already exists and needs no input from the end user to configure.
I didn't disagree about that, as you could see from my first line where I stated:
Well not as a user on shared hosting,

I was merely making an addition as people also start using their own VPS and maybe some try dedicated servers. And in that case they should know that rDNS is more important than DKIM or DMARC and even SPF, because mail won't get blocked by not having SPF either. It raises the score a bit, but not as high as not having rDNS.
 
I'm not confused, I'm assured that it's this way as it's my job. And I do see mails get refused because they get a high score (which raises the spam score) due to the fact that no rDNS is present nowadays. Just because too much spam is coming through, this got very important.
And I'm not confused either... the SIMPLE fact is... the majority of the hosting providers ALREADY provide a rDNS entry for the IP at their base level. YOU as an admin CAN change that rDNS to something specific for YOUR need... but the simple fact is, as long as the rDNS exists, it does NOT have to comport to ANY domain name that you use for email.
Mail will not get refused or get a high score by a lack of DMARC, especially not if SPF and DKIM is already present.
Wanna bet... Mickey Soft will kick it to the curb in a heartbeat... and if you try to argue otherwise, you show your ignorance. DKIM and SPF take a higher level of precedence for the ADMIN to configure than rDNS.
There are OTHER major email providers that will do the same... Google being one of them.
In fact, when I was on Digital Ocean (which is crap for email delivery) I had NO issues delivering to them and NEVER touched an rDNS entry for the VPS instance I was using... but I DID have delivery issues until I correctly set up DKIM/DMARC/SPF.

If you can't have a rDNS setup through the control panel of your VPS or through the company providing the VPS then it's CRAPPY provider and you should get away from there.
And THIS indicates to me you REALLY aren't as familiar as you proclaim. Almost EVERY provider I ever used that did NOT allow rDNS entry at the client level STILL provided an rDNS entry at their base system level.. it may not be what YOU want it to be, but it still existed.
I agree, there ARE a few low end providers that don't do the base level rDNS entry configuration at their hosting level and don't offer it to their client... but honestly... I haven't come across one yet.

Again, on shared hosting rdns doesn't matter as the provider will already have set this up, so nobody has to care about it.
And we aren't talking about rDNS on a shared hosting environment.. in fact, in MANY cases in a shared hosting environment, you are already screwed because that IP has been trashed by others that utilize it.. so if you simply rely on rDNS, you are screwed. ****, even my Amazon SES IP (shared) is listed in Sorbs, and I can promise you it's not due to me.

I was merely making an addition as people also start using their own VPS and maybe some try dedicated servers. And in that case they should know that rDNS is more important than DKIM or DMARC and even SPF, because mail won't get blocked by not having SPF either. It raises the score a bit, but not as high as not having rDNS.
I think you are under the assumption that providers give you an IP with no rDNS configured? Once more, I've come across maybe 1 in over 15 years that did that. The simple fact is, rDNS does NOT have to comport to a domain you configure.. it just needs to be an authoritative link to an existing IP.
 
And THIS indicates to me you REALLY aren't as familiar as you proclaim.
Dude, why can't you just discuss without using capitals every time to force your words, it doesn't add anything.
Next to that, if what you're saying is the case then you only had crappy VPS providers, maybe in the states.
I also did not talk about client level!!

I mostly use dedicated servers and I know what I'm talking about, I'm a hosting provider for 15 years and I know what changed with mail in the loop of time. And I've never seen any server of vps provider yet which does not give the opportunity to set an rDNS. So maybe here in Europe we have better datacenters/providers in that case.

The simple fact is, rDNS does NOT have to comport to a domain you configure.. it just needs to be an authoritative link to an existing IP.
You might try and read better. I never said that rDNS has to comport to a domain one configures.
And I NEVER said one should use rDNS at client level, again, I repeatedly stated on shared hosting as a user it's not important because the hoster will have taken care of it.

Seems you don't know what you're making a mistake here too.
As for rDNS, that must be from an existing ip to either the FQDN hostname or the MTA, mostly used is the servers hostname. Not the other way around.

As for an ip being used and screwed before.... been there done that also, a couple of times, and you can get off RBL's and build a good reputation if you know how to do it. And that does not start with DMARC. It starts with a good rDNS, and then SPF and if possible DKIM, becoming a member of SNDS and JMPR, using configuration to prevent spam attacks even when accounts get hacked.
So if people have sharing hosting on servers which have their ip's in RBL's, then they have hosters who are not doing their best to keep their servers out of it.

Further discussion has no use, you won't believe me either way since we seem to have different experiences.

But I know I can use a dedicated server or a VPS as admin and do not use SPF, DKIM or DMARC and I know my mail will get in to inboxes.
If I don't use an rDNS, it will either be refused or directly put into a spambox. Which proves my point, people can test for themselves if they are root admin.
Start with rDNS, then add SPF and DKIM and you will be fine. DMARC is a nice extra, only if configured correctly and can lead to forward issues so at this moment it's a nice extra, nothing more, not required either.
And that was the only thing I was talking about, if you own a VPS or dedi yourself. If you call that a client, you're confusing me because to me a client is a shared hosting client. A vps owner is an admin or vps customer, I never call that client.
 
Next to that, if what you're saying is the case then you only had crappy VPS providers, maybe in the states.
I also did not talk about client level!!
Pretty much ALL content here is at a "client level" and not a "server admin provider" level. You see, most of the ones actually conversant in this topic will be those active in the topic nature at hand (as a VPS admin and not necessarily a "paid one"), not those that are relying on an outside party to provide the services for them.... ;)

And I've never seen any server of vps provider yet which does not give the opportunity to set an rDNS. So maybe here in Europe we have better datacenters/providers in that case.
And I HAVE seen those that don't "allow" it... but EVERY one that I have dealt with has had it set at their core infrastructure level, even if the end users could not "change" it.
THAT is the point I am referencing... you seem to think there is some "magic" that needs to be done by the admin to set a "specific" rDNS entry. Sorry, ALL the rDNS entry needs to do is point at an active DNS entry of a domain, and that domain does NOT have to be one you set, specifically in reference to your MTA. Is it better that it does.. sure... but it's not required... otherwise, how do you think multiple domains can send email from one base IP with a specific rDNS entry.
The simple fact is, one maps the IP to a domain, the other maps the domain to an IP. And those don't have to be the same.

As for rDNS, that must be from an existing ip to either the FQDN hostname or the MTA, mostly used is the servers hostname. Not the other way around.
Once more it is NOT required to be an MTA...ALL it is required to be is a pointer at an existing domain, which EVERY VPS provider I've used since the mid 1980's has set by default. It may not be a "custom" domain that you personally want to use for the rDNS, but it DOES exist, and there ARE DNS entries in relation to it. Some of those allowed me to change it to what I wanted... but honestly, that is NOT required.

But I know I can use a dedicated server or a VPS as admin and do not use SPF, DKIM or DMARC and I know my mail will get in to inboxes.
And I'll call BS here.. you will NEVER deliver reliable email to Hotmail (much less several other major providers) based upon that.... and THAT is a simple fact of life that almost EVERY admin (even those on shared hosting) have had issues with.
Even Google will tell you sending without DKIM at least will likely result in your email being marked as spam... and yeah, isn't that what we ALL want, our email ending up in the spam folder....:eek:
As I've said... rDNS is one factor... and regularly that factor is taken care of being set by the provider... now, care to show me where ANY VPS provider sets your DMARC/DKIM/SPF up for you... and I'm pretty sure I've been doing this as long as you have... and have dealt with (not only for me, but for others I've assisted) issues of reliable delivery that were NOT resolved until the base DKIM/SPF requirements were provided to get reliable email delivery. The simple fact that you try to proclaim that simple rDNS is ALL you need to get reliable email delivery goes against what my first hand experience has shown AND what most other professionals state.
 
Pretty much ALL content here is at a "client level" and not a "server admin provider" level.
Correct, but as said, my first comment was only an addition in case they would use their own VPS or dedi (and such becoming a server admin).

Sorry, ALL the rDNS entry needs to do is point at an active DNS entry of a domain, and that domain does NOT have to be one you set, specifically in reference to your MTA. Is it better that it does.. sure... but it's not required... otherwise, how do you think multiple domains can send email from one base IP with a specific rDNS entry.
You're confusing things. The rDNS is just NOT pointing to some active DNS entry of a domain. For things to work correctly it needs to point to (preferable) the hostname of the server, like server.domain.com or the MTA, in which I mean for example mail.domain.com, being the name of the mailserver which you see when the HELO/EHLO takes place.
Is it required? No and I never said it was, neither is SPF/DKIM/DMARC, but rDNS is the first thing to do if you want to have your mail delivered correctly, that is what I said. Without rDNS mail will disappear or get into spambox for sure.
As for the other domains, it doesn't matter, they all send via that ip and if you look at the header of the mail, you will see the hostname too, next to the domain which is used the send the mail (which indeed can be any domain on the server).

But the thing I was talking about extra, was if you have a domain on a server and you get your own ip with it (so separate from the shared ip so you won't use the shared ip), then it can be even a more different situation. But let's forget about that, because that happens very little.

Once more it is NOT required to be an MTA...ALL it is required to be is a pointer at an existing domain,
WRONG!! And please don't put words in my mouth every time which I never said. I didn't say rDNS is required.
I said that if you use rDNS it must be pointing to either the server's hostname or the MTA. We're talking mail delivery here, not general stuff.
The rDNS, also called PTR can point to a domain name (certainly not a pointer!) but is almost solely used for good mail delivery and hence almost only used to refer to the system sending mail, hence like said, hostname or mta helo name.
Please stop arguing with me about this, because I know what it's about, using it as professional hoster for 15 years as said. I know what I'm talking about when it's about mail delivery.

And I'll call BS here.. you will NEVER deliver reliable email to Hotmail (much less several other major providers) based upon that.... and THAT is a simple fact of life that almost EVERY admin (even those on shared hosting) have had issues with.
🤣🤣🤣 Well BS yourself, otherwise explain how I have been able to do it with only rDNS and SPF setup? For years! Before I started using DKIM and we still don't use DMARC for everybody. People can, but don't use it, I only use it for my own domains, and I know it's giving forward issues, which you are afraid to get into, because I didn't hear you about that, while it's a known fact of DMARC usage.

As for Google. Try to send a mail to Google without a correctly setup rDNS... goodbye.

The simple fact that you try to proclaim that simple rDNS is ALL you need to get reliable email delivery goes against what my first hand experience has shown AND what most other professionals state.
Again putting words into my mouth which I never said. Read better what it says, don't write what you THINK it says.
I've said to use that as a test that rDNS/PTR is needed for reliable mail delivery above SPF and DKIM.
Of course best practice is to use the combination of all, but without DMARC as this still has the forward problem.

And your first hand experience, does not weigh against professional experience for years, that is a fact too.
First work as root admin with a shared hosting server yourself, before telling others which have optimal mailservers for many years (without being in RBL's either) that they are wrong. ;)
 
The rDNS is just NOT pointing to some active DNS entry of a domain
No, there is NO confusion here.. rDNS simply points an IP at a specific domain... doesn't require that domain to be set by YOU... it can be set by ANYONE (in this case specifically the provider of the VPS/dedi and IP), as long as it's listed as a valid rDNS entry that points a current IP at a valid domain name. The simple fact is, it does NOT need to point at the MTA.. it simply needs to point at an authoritative domain that is valid for a specific IP, and that domain DNS record needs to exist.
The simple fact is.. with MANY providers, they already set the rDNS by default using some of the bull-crap sub-domains that their system auto-creates... and that is PERFECTLY valid for need of rDNS. There is NO need to you to go in and create a "custom" rDNS entry. THAT is my point.
DKIM/DMARC/SPF is a higher priority than massaging an rDNS to make you feel warm and fuzzy because it points at an MTA you created, even though that hosting provider STILL has a DNS entry for that IP and has an existing rDNS entry already for it, albeit not one that gives you the "happy happy joy joy" dance.
As I said earlier.. I've NEVER come across a VPS (nor dedicated) hosting service that did not by DEFAULT create rDNS entry upon setting up your environment. Could there be some out there? Yep... but we ALL know that there are folks out here that are claiming to be "expurts" when by their statements/actions, that fact is called into question. The ONLY time I did not have rDNS entries created was when using ProxMox and using IP's out of my block to create VPS's... I did have to do that manually.. but again, yes, it could have been automated if I was "selling" that service. But since I wasn't I could manually create them... but the simple fact remains, the MAIN IP of the bare metal server had an rDNS configured by the provider at time of issuance (and no, this was NOT a "cheap" provider - at the time it was like $275 a month and that was about 8 years ago).

Please stop arguing with me about this, because I know what it's about, using it as professional hoster for 15 years as said. I know what I'm talking about when it's about mail delivery.
Welcome to the club... I've been doing it slightly longer (dealing with it directly). AND I know the simple fact is, if you are trying to say all you have to have an rDNS that points at your specific MTA to get great mail delivery, you are full of a substance we shall not mention.
ALL that the rDNS needs to do is point an IP at a valid domain. It does NOT have to be "your MTA" or ANY domain/subdomain you configure. It simply needs to point to an authoritative domain (you know, one that has an actual DNS entry pointing back to that IP).
Well BS yourself, otherwise explain how I have been able to do it with only rDNS and SPF setup? For years! Before I started using DKIM and we still don't use DMARC for everybody.
Once more.... DMARC is the BOTTOM level, and is NOT required, but it DOES help.
Care to show us your email deliverability from a domain that's not using DKIM and SPF using Mail-Tester.

Screen Shot 2023-05-06 at 12.33.32 PM.png

Oh wow.. look what this commonly accepted testing tool actually tests against and (per industry standards) warns you if you don't have.

Screen Shot 2023-05-06 at 12.33.43 PM.png
Screen Shot 2023-05-06 at 12.35.24 PM.png
Oh look... I didn't have to set an rDNS entry.. since it's already taken care of (yes, I use an outside provider - and the point is most VPS/dedi providers have a default rDNS assigned), but guess what.. it's not associated with "my" MTA (which is actually PostFix on the server that hosts the sites, but does not "send" mail except by relay to a few specific email addresses).

Screen Shot 2023-05-06 at 12.38.48 PM.png

And Wow... guess Amazon doesn't know what they are doing since they don't publish an SPF, even though I do for my domain (which has nothing to do with rDNS and EVERYTHING to do with your DNS entries).

The point was (and remains) that the majority of VPS/dedicated server providers have default rDNS entries they assign... you can change (usually) those to other custom entries (but the default ones will work fine).. but without DKIM/DMARC/SPF your email delivery is going to suffer. You may be getting adequate (which I seriously doubt) email delivery without DKIM/DMARC/SPF, but your email delivery will be MUCH better if you utilize it and not only the simple fact of having an rDNS entry. And if you want to try to argue that point simple research by those that deal with effective email delivery will simply show you wrong.
 
The simple fact is.. with MANY providers, they already set the rDNS by default using some of the bull-crap sub-domains that their system auto-creates...
Hahaha... you really don't understand the situation here.
They auto-create the hostname, which indeed can look bull-crap to you, but it's a hostname, same for the rDNS to this hostname (if even created).
Of course it's expected that the hostname and rDNS is changed. But this only proves my point that it's better to have something than nothing at all.
Even a crappy hostname with rdns is still a fqdn hostname with correct rdns/ptr record.

As I said earlier.. I've NEVER come across a VPS (nor dedicated) hosting service that did not by DEFAULT create rDNS entry upon setting up your environment.
Well that looks contrary to what you said before where it could not be setup. It's logical that it's created because it takes care of things, but it's not optimal.
AND I know the simple fact is, if you are trying to say all you have to have an rDNS that points at your specific MTA to get great mail delivery, you are full of a substance we shall not mention.
Fat BS! I never said that. Again stop placing bs in my mouth which I didn't say. I merely explained that an rDNS is more important than a DMARC record, from which you continuously said it's more important.
And now suddenly this:
Once more.... DMARC is the BOTTOM level, and is NOT required, but it DOES help.
Which is what I said before, not what you said!!

As for your test with mailtester... LoL... did you see this?
"Your server is succesfully accociated with..."... well there you got the rDNS to the mailserver. I rest my case.

To just make clear my points of view as HOW THEY ARE and not as how YOU THINK they are.

1.) Nothing is required to send mail, you can send mail with any system, however, arrival of the mail at the destiny is questionable.
2.) For good mail delivery required are at least:
- rDNS record
Best is:
  • rDNS record
  • SPF record
  • DKIM record
3.) DMARC is a nice extra, but can give issues on forwards.

And have a look at this if know what it does:
Code:
EASY_LIMIT = 55
EASY_IS_SPAM = 20
EASY_HIGH_SCORE_DROP = 100
EASY_SPF_PASS = -30
EASY_SPF_SOFT_FAIL = 30
EASY_SPF_FAIL = 100
EASY_DKIM_PASS = -20
EASY_DKIM_FAIL = 100
EASY_NO_REVERSE_IP = 100
EASY_FORWARD_CONFIRMED_RDNS = -10
EASY_DNS_BLACKLIST = 50
EASY_SPAMASSASSIN_MAX_SIZE = 200K

As you can see this proves an rDNS is at least as important as SPF and DKIM. And not like you said that SPF/DKIM/DMARC is more important. Even stronger DMARC is a lot less important, it's a nice extra.
You can even see that SPF is seen as more important than DKIM because it has a higher minus value on pass.

That is just how things work in the hosting work. If you don't believe it, become a provider yourself.
And that's what I'm saying, and not what you are stating that I would be saying.

I rest my case.
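
The weights posted above, applied to a few sender configurations (an added example, not part of the thread or of any product's code). It assumes the matching weights are simply added and the total compared against EASY_LIMIT (reject) and EASY_IS_SPAM (tag as spam), which the post does not spell out; the IP addresses, hostnames and DNS data are constructed.

```python
"""Apply the EASY_* weights quoted in the thread to a few sender setups."""

# Weights copied from the post above.
WEIGHTS = {
    "EASY_SPF_PASS": -30,
    "EASY_SPF_SOFT_FAIL": 30,
    "EASY_SPF_FAIL": 100,
    "EASY_DKIM_PASS": -20,
    "EASY_DKIM_FAIL": 100,
    "EASY_NO_REVERSE_IP": 100,
    "EASY_FORWARD_CONFIRMED_RDNS": -10,
    "EASY_DNS_BLACKLIST": 50,
}
EASY_LIMIT = 55    # assumption: total >= this means the message is rejected
EASY_IS_SPAM = 20  # assumption: total >= this means the message is tagged as spam

# Constructed DNS data (documentation address ranges, example domains).
PTR_RECORDS = {
    "192.0.2.10": "mail.example.net",         # custom PTR naming the MTA
    "192.0.2.20": "vps-20.provider.example",  # provider's auto-generated PTR
    "192.0.2.30": "old-host.example.org",     # PTR whose name resolves elsewhere
}
A_RECORDS = {
    "mail.example.net": {"192.0.2.10"},
    "vps-20.provider.example": {"192.0.2.20"},
    "old-host.example.org": {"198.51.100.7"},
}

SPF_RULES = {"pass": "EASY_SPF_PASS", "softfail": "EASY_SPF_SOFT_FAIL",
             "fail": "EASY_SPF_FAIL"}
DKIM_RULES = {"pass": "EASY_DKIM_PASS", "fail": "EASY_DKIM_FAIL"}


def rdns_state(ip, ptr=PTR_RECORDS, fwd=A_RECORDS):
    """Classify reverse DNS for ip: 'none', 'unconfirmed' or 'confirmed'.

    'confirmed' is forward-confirmed rDNS: the PTR name has an A record
    that points back at the same IP. The name itself can be anything.
    """
    host = ptr.get(ip)
    if host is None:
        return "none"
    return "confirmed" if ip in fwd.get(host, set()) else "unconfirmed"


def score(ip, spf="none", dkim="none", blacklisted=False):
    """Return (total, matched_rules) for one connecting IP and its results."""
    hits = []
    state = rdns_state(ip)
    if state == "none":
        hits.append("EASY_NO_REVERSE_IP")
    elif state == "confirmed":
        hits.append("EASY_FORWARD_CONFIRMED_RDNS")
    # An unconfirmed PTR matches neither rDNS rule; "none" for SPF or DKIM
    # (no record, no signature) matches no rule in the quoted set either.
    if spf in SPF_RULES:
        hits.append(SPF_RULES[spf])
    if dkim in DKIM_RULES:
        hits.append(DKIM_RULES[dkim])
    if blacklisted:
        hits.append("EASY_DNS_BLACKLIST")
    return sum(WEIGHTS[h] for h in hits), hits


def verdict(total):
    """Map a total onto the two thresholds (see assumptions above)."""
    if total >= EASY_LIMIT:
        return "reject"
    if total >= EASY_IS_SPAM:
        return "spam"
    return "accept"


if __name__ == "__main__":
    cases = [
        ("custom PTR, SPF+DKIM pass", "192.0.2.10", "pass", "pass"),
        ("provider PTR, no SPF/DKIM", "192.0.2.20", "none", "none"),
        ("no PTR, SPF+DKIM pass", "192.0.2.99", "pass", "pass"),
        ("no PTR, no SPF/DKIM", "192.0.2.99", "none", "none"),
        ("unconfirmed PTR, SPF softfail", "192.0.2.30", "softfail", "none"),
        ("custom PTR, DKIM fail", "192.0.2.10", "pass", "fail"),
    ]
    for label, ip, spf, dkim in cases:
        total, hits = score(ip, spf, dkim)
        print(f"{label:32} {total:5}  {verdict(total):7} {', '.join(hits)}")
```

Under these weights a provider-assigned PTR counts the same as a custom one as long as it is forward-confirmed, and a missing PTR cannot be fully offset by SPF and DKIM passes (100 - 30 - 20 = 50).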
 
Hahaha... you really don't understand the situation here.
They auto-create the hostname, which indeed can look bull-crap to you, but it's a hostname, same for the rDNS to this hostname (if even created).
Of course it's expected that the hostname and rDNS is changed. But this only proves my point that it's better to have something than nothing at all.
Even a crappy hostname with rdns is still a fqdn hostname with correct rdns/ptr record.
Yeah.. they create it, and the one they create is a VALID and USABLE rDNS entry.. and if you actually think that it matters whether you define it to a custom DNS entry that YOU create or what they provide, and that the authoritative function is ANY different.. then you show your "knowledge" (or actually lack thereof).
ALL that is important is that the IP points at an existing domain name (via the rDNS entry) and THAT domain name points at the same IP as the rDNS entry.
It doesn't matter whether you create a custom one or not. It REALLY doesn't matter WHAT it shows as. The simple fact is the PTR (rDNS) needs to point at the same DNS entry as defined.
Fat BS! I never said that. Again stop placing bs in my mouth which I didn't say. I merely explained that an rDNS is more important than a DMARC record, from which you continuously said it's more important.
I agree... DMARC is down on the list... and I CLEARLY stated such.. but SPF/DKIM is WELL above rDNS, which is usually set by your VPS/dedi (as I have repeatedly said) already, and which is why my original statement was what it was... YOU apparently "ass"umed that I meant that rDNS was of no concern... and for the actual admin it's not, as it's typically already set for them. The only time it may be of concern is if the admin may want to massage their ego and set a "custom" one. Most providers really don't care as long as the rDNS matches the actual DNS entry.
I see you have yet to show your "fantastic" email delivery ability without using SPF/DKIM and ONLY rDNS on a domain that is confirmed to not have such.

If you don't believe it, become a provider yourself.
Already done that aspect in many different situations... over the last (almost) 20 years... and hosted my own mail on my own mailcow-dockerized instance for a couple of years and saw how crappy the delivery rate was due to the fact that even with having the SPF/DKIM/rDNS/DMARC (in order for you to see priority of) the mail delivery regularly failed to several of the major ISP's (ComCast,Yahoo, Microsoft at the forefront).
If you are running an MTA from a VPS or even a dedicated server, you have a LONG row to hoe, because depending on the service provider, your IP may have the "quality" of a pile of bull offal. In fact, if you go to ANY VPS from Linode/Digital Ocean (and several other providers the MAJORITY of the participants here will use) you are going to have that issue.... in fact, DO (and this applies to both VPS and their dedicated offerings) is basically BLOCKED for many ISP/Mail Receptors to receive mail from. In fact, it's gotten so bad with DO that they finally have basically blocked SMTP access.
You see.. the majority of the folks here aren't going to go out and grab a $200-$400 server from a "top tier" provider that can guarantee a clean IP for mail (or even their beginning site)... they are simply going to go with what they can afford. And honestly.. most now are NOT going to go through the trouble of hosting their own MTA once they grow, as there are WAY too many 3rd party providers that offer MUCH more benefit.
It's why I dumped my MTA setup and moved over to Amazon SES.
I rest my case.
Feel free to do so once you show all of us your "perfect" email delivery from an MTA that has NO DMARC/DKIM/SPF and ONLY rDNS entry utilizing the commonly accepted service I pointed out to you earlier.
 