I’ve now implemented a basic security and email authentication setup for the site. I added a security.txt file at /.well-known/security.txt, which includes a temporary contact email and a GPG key for encrypted submissions. The file is designed to rotate quarterly using Cloudflare’s catchall email feature. I also updated the DNS settings to include SPF and DMARC records—currently in monitoring mode (p=none) with reports sent to both Cloudflare and an internal address. DKIM has been added as well. Some alert noise is expected from tools like Cloudflare due to minor misalignments—MailPoet doesn’t fully sign outbound mail, and Gmail’s free tier has limitations. This setup gives me a solid foundation for secure messaging and vulnerability reporting.
Set Up Security.txt and Email Authentication Records (SPF, DKIM, DMARC)
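A check for the setup described above, as an added example that is not the site's own code: it validates a security.txt against the two fields RFC 9116 requires (Contact, and exactly one Expires) and reports whether a DMARC record is still in monitoring mode. The domain, addresses, dates, function names and the 92-day quarterly window are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inputs (placeholder domain, addresses and dates).
SECURITY_TXT = """\
# constructed sample
Contact: mailto:security-2025q1@example.com
Encryption: https://example.com/.well-known/pgp-key.txt
Expires: 2025-04-01T00:00:00Z
"""
DMARC_TXT = "v=DMARC1; p=none; rua=mailto:dmarc@example.com,mailto:reports@example.net"

def parse_security_txt(text):
    """Return {lowercased field name: [values]} from 'Name: value' lines."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, value = line.split(":", 1)
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields

def check_security_txt(text, now, rotation_days=92):
    """List problems: missing required fields, expired, or outliving the rotation window."""
    fields, problems = parse_security_txt(text), []
    if not fields.get("contact"):
        problems.append("missing Contact")
    expires = fields.get("expires", [])
    if len(expires) != 1:
        problems.append("Expires must appear exactly once")
        return problems
    when = datetime.fromisoformat(expires[0].replace("Z", "+00:00"))
    if when <= now:
        problems.append("expired")
    elif when - now > timedelta(days=rotation_days):
        # Assumed quarterly rotation: a longer lifetime means a stale temporary address.
        problems.append("Expires is beyond the rotation window")
    return problems

def parse_dmarc(record):
    """Split a DMARC TXT record into a tag dict; rua becomes a list of URIs."""
    tags = dict(p.strip().split("=", 1) for p in record.split(";") if "=" in p)
    tags = {k.strip().lower(): v.strip() for k, v in tags.items()}
    tags["rua"] = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
    return tags

def dmarc_enforcing(record):
    """True only when the policy asks receivers to act on failures (not p=none)."""
    tags = parse_dmarc(record)
    return tags.get("v") == "DMARC1" and tags.get("p", "none").lower() in ("quarantine", "reject")
```

Run on a schedule, the expiry check catches a missed quarterly rotation before the temporary contact address goes stale, and `dmarc_enforcing` stays false for as long as the record remains at p=none.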
