Mail Deliverability

Last updated

/jabali-admin/mail/deliverability. Per-domain view of the DNS records and policies that govern outbound mail reputation.

Columns

  • Domain: every domain on the panel that has mail enabled.
  • DKIM: present / absent at the panel; published / missing at the public resolver. Selector visible on hover.
  • SPF: record exists; soft-fail (~all) or hard-fail (-all) verdict; warnings if the record references too many includes (RFC 7208 §4.6.4 limit of 10 DNS lookups).
  • DMARC: record exists; policy (none, quarantine, reject); reporting addresses (rua / ruf) parsed.
  • MTA-STS: TXT record, policy file, MX-host alignment. See ADR-0109.
  • Reverse DNS: PTR for the server’s primary mail IP resolves to the panel hostname (gold standard for SMTP acceptance at major providers).

Per-row actions

  • Rotate DKIM: generate a new DKIM key, publish the new DNS record, retain the old key on a configured grace period (default 7 days) so already-signed in-flight mail still validates.
  • Re-publish records: re-write the panel’s recommended SPF, DMARC, and MTA-STS records into the zone if the operator manually edited them.
  • View inbound reports: Stalwart ingests TLS-RPT, MTA-STS-RPT, and DMARC aggregate reports (M47 Wave 2). The row drills into a per-domain reports panel with sender reputations, failure reasons, and trend lines.

Color coding

  • Green: all four (DKIM, SPF, DMARC, MTA-STS) present and aligned.
  • Amber: DKIM and SPF present, DMARC missing or p=none.
  • Red: DKIM missing or SPF missing, mail from this domain is likely to be rejected or quarantined by major receivers.

Why this page exists

A new operator typically has SPF and DKIM set automatically when the domain is added, but DMARC and MTA-STS are opt-in. This page surfaces what is missing in one glance instead of forcing a per-domain DNS audit.

CLI

jabali domain email dkim-rotate <domain>