Trying to get my head around spf and dmarc. Once again trying to lessen my dependence on Google, but have my whole family hanging on the same domain which complicates things a bit
@sldrant It's a pain, but I got it all to work on my domain. I found some good sites and instructions in the end... I may have even bookmarked them somewhere...
@sldrant could always buy a cheap domain to test with
I think .ovh is still a couple £/$/€
@Dragon I have the domain, and a server. Challenge is mixing some on private server and some family using Gmail. Can't work out if forwarding mail to Gmail needs any more config from spf or not. Wife has issues receiving some mail (could of course be that sender and not her)
@sldrant Yes forwarding mail is a right pain in the backside especially so with the big providers like Gmail.
The cheap domain suggestion was so you can test and get everything working as expected before migrating the main domain over.
You can actually set up mail on a subdomain as well, just most people don't expect that.
@Dragon it was mostly working before without most of that, apart from my wife who doesn't get some emails. Think I've got spf sorted now
@sldrant You can forget DMARC. It's not necessary, designed around corporate needs, and breaks participation in mailing lists. SPF is really easy, just allow the hostnames/IPs you want to allow to send mail with your domain on the envelope.
@dalias spf does look straightforward. Dmarc I'm really not sure about, and dkim might be too far (or may have to move all family smtp to my server instead of their own Gmail etc, though not sure how they have it configured really)
@sldrant DKIM I also dislike: it provides nonrepudiation, meaning if someone leaks your emails there's cryptographic proof of authenticity. Another corporate oriented, dubious for normal ppl thing. And you can totally do without it.
@sldrant I've created this free service to help you understand, visualize, and help you set up email authentication: https://LearnDMARC.com. Don't listen to people that say you don't need them. Expert groups like the M3AAWG have set best practices for a reason. It is all for the greater good to protect against spoofing and phishing. I've done a ton of blogs on the subject at https://URIports.com/blog.
@freddieleeman thanks, that's actually really helpful. Figuring out some of the processing by reading headers is possible, but this is much easier!
@freddieleeman at some point I'll have to move family over to my own smtp and add dkim.
What I can't figure out is if I need to do anything to forward mail to other mailboxes (Google mostly) for them. Spf/dkim are all about senders, but my wife has issues receiving email from some people (it could be those people are the issue too of course)
@sldrant if you want to forward from your personal server, have a look at SRS rewrite. https://en.m.wikipedia.org/wiki/Sender_Rewriting_Scheme
@freddieleeman is SRS required if I'm just forwarding to a different To: address?
Does SPF assume all mail arrives via a direct route, so the smtp ip has to be in the SPF allowed domains?
Maybe it's simpler to have Gmail pull from my hosted mailbox instead, this would achieve the same end result...
@sldrant Yes, because you are not rewriting the From address. Your forwarding server's IP will be the new source, that will cause SPF to fail. Having Gmail pull the mail will be way better and easier.
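Added illustration of the point above (my own example, not code from anyone in this thread or from LearnDMARC): a minimal SPF evaluator run against a constructed DNS zone, showing the same message passing SPF when delivered directly, failing when a forwarder's IP becomes the new source, and passing again once the forwarder applies an SRS0 rewrite to the envelope sender. The domains, IPs and signing key are constructed; the SRS address layout follows the scheme on the linked Wikipedia page but the tag computation here is simplified.

```python
import hashlib
import hmac
import ipaddress

# Constructed DNS zone (assumption): SPF TXT records for the original
# sender's domain and for the forwarding server's domain.
ZONE = {
    "example.org": "v=spf1 ip4:203.0.113.10 -all",       # sender's own MTA
    "fwd.example.net": "v=spf1 ip4:198.51.100.5 -all",   # forwarding server
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, client_ip):
    """Evaluate a minimal SPF record (ip4/ip6 mechanisms and 'all') for the
    connecting IP. Returns 'pass', 'fail', 'softfail', 'neutral' or 'none'."""
    record = ZONE.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech == "all":
            return QUALIFIERS[qual]
        if mech in ("ip4", "ip6"):
            # Version mismatch (ip4 term vs IPv6 client) simply does not match.
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qual]
    return "neutral"  # record ended without an 'all' term


SRS_KEY = b"constructed-secret"  # assumption: the forwarder's SRS secret


def srs_rewrite(envelope_from, forwarder_domain):
    """SRS0 rewrite: the envelope sender becomes an address at the forwarder's
    domain that carries an HMAC tag plus the original sender, so SPF is checked
    against the forwarder and bounces can still be routed back."""
    local, _, orig_domain = envelope_from.partition("@")
    timestamp = "TT"  # assumption: fixed placeholder instead of a real SRS timestamp
    tag = hmac.new(SRS_KEY, f"{timestamp}{orig_domain}{local}".encode(),
                   hashlib.sha1).hexdigest()[:4].upper()
    return f"SRS0={tag}={timestamp}={orig_domain}={local}@{forwarder_domain}"


def forwarded_spf(envelope_from, forwarder_ip, forwarder_domain, use_srs):
    """Simulate the receiving side's SPF check on a message relayed by the
    forwarder, with or without SRS. Returns (envelope sender seen, SPF result)."""
    sender = srs_rewrite(envelope_from, forwarder_domain) if use_srs else envelope_from
    return sender, spf_check(sender.split("@")[1], forwarder_ip)
```

Gmail pulling from the hosted mailbox avoids the whole problem because no second SMTP hop happens, so there is nothing for SPF to reject.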
@freddieleeman thanks. May explain some of my wife's mail not arriving, though strange that I've never had an issue with the same setup