.planning/phases/06-signing-flow/06-06-dns-check.md

# DNS Email Authentication Status — teressacopelandhomes.com
Date checked: 2026-03-20

## Record Status

| Record | Status  | Details |
|--------|---------|---------|
| SPF    | MISSING | No TXT records at root domain. No v=spf1 record found. |
| DKIM   | MISSING | NXDOMAIN for all common selectors (google, default, mail, zoho). |
| DMARC  | EXISTS  | `v=DMARC1; p=quarantine; adkim=r; aspf=r; rua=mailto:dmarc_rua@onsecureserver.net` — note: policy is p=quarantine (strict), rua points to hosting server default (not teressa@). Recommend changing rua to teressa@teressacopelandhomes.com. |
| MX     | MISSING | No MX records configured. |

## DNS Provider
GoDaddy (nameservers: ns63.domaincontrol.com, ns64.domaincontrol.com)

## SMTP Status
- Host: smtp.gmail.com:587
- Credentials: PLACEHOLDER — CONTACT_EMAIL_USER and CONTACT_EMAIL_PASS in .env.local are still set to `your_email@example.com` / `your_app_password`
- SMTP test: FAILED (Invalid login — placeholder credentials)

## Required Actions Before Sending Real Client Signing Links

1. **SPF (CRITICAL — MISSING)**: Add TXT record at root (@):
   - Value: `v=spf1 include:_spf.google.com ~all` (if using Gmail/Google Workspace)
   - GoDaddy: DNS Management > Add Record > Type: TXT, Host: @

2. **DKIM (CRITICAL — MISSING)**: Generate DKIM key in your email provider:
   - Google Workspace: Admin > Apps > Google Workspace > Gmail > Authenticate Email
   - Copy the TXT record they provide and add it to GoDaddy DNS at [selector]._domainkey

3. **DMARC (EXISTS but needs update)**:
   - Current: `p=quarantine` with hosting-default rua address
   - Recommended: Update rua to `mailto:teressa@teressacopelandhomes.com`
   - Or add new record: `v=DMARC1; p=none; rua=mailto:teressa@teressacopelandhomes.com`

4. **SMTP credentials (CRITICAL — MISSING)**: Update .env.local:
   - `CONTACT_EMAIL_USER` = your Google/Gmail address (e.g., teressa@teressacopelandhomes.com or Gmail)
   - `CONTACT_EMAIL_PASS` = Google App Password (not your Google account password)
   - Generate at: https://myaccount.google.com/apppasswords

5. **MX records**: Configure if not already done via hosting provider (needed for receiving email at the domain).

## Verify with MXToolbox After Changes
- SPF: https://mxtoolbox.com/spf.aspx
- DKIM: https://mxtoolbox.com/dkim.aspx (enter domain + selector)
- DMARC: https://mxtoolbox.com/dmarc.aspx
chore(06-06): automated DNS verification check results - SPF: MISSING — no TXT records at root domain - DKIM: MISSING — NXDOMAIN for all common selectors - DMARC: EXISTS but rua points to hosting default, not teressa@ - SMTP: credentials still placeholder in .env.local - DNS provider: GoDaddy (ns63/ns64.domaincontrol.com) 2026-03-20 11:46:49 -06:00			`# DNS Email Authentication Status — teressacopelandhomes.com`
			`Date checked: 2026-03-20`

			`## Record Status`

			`\| Record \| Status \| Details \|`
			`\|--------\|---------\|---------\|`
			`\| SPF \| MISSING \| No TXT records at root domain. No v=spf1 record found. \|`
			`\| DKIM \| MISSING \| NXDOMAIN for all common selectors (google, default, mail, zoho). \|`
			\| DMARC \| EXISTS \| `v=DMARC1; p=quarantine; adkim=r; aspf=r; rua=mailto:dmarc_rua@onsecureserver.net` — note: policy is p=quarantine (strict), rua points to hosting server default (not teressa@). Recommend changing rua to teressa@teressacopelandhomes.com. \|
			`\| MX \| MISSING \| No MX records configured. \|`

			`## DNS Provider`
			`GoDaddy (nameservers: ns63.domaincontrol.com, ns64.domaincontrol.com)`

			`## SMTP Status`
			`- Host: smtp.gmail.com:587`
			- Credentials: PLACEHOLDER — CONTACT_EMAIL_USER and CONTACT_EMAIL_PASS in .env.local are still set to `your_email@example.com` / `your_app_password`
			`- SMTP test: FAILED (Invalid login — placeholder credentials)`

			`## Required Actions Before Sending Real Client Signing Links`

			`1. SPF (CRITICAL — MISSING): Add TXT record at root (@):`
			- Value: `v=spf1 include:_spf.google.com ~all` (if using Gmail/Google Workspace)
			`- GoDaddy: DNS Management > Add Record > Type: TXT, Host: @`

			`2. DKIM (CRITICAL — MISSING): Generate DKIM key in your email provider:`
			`- Google Workspace: Admin > Apps > Google Workspace > Gmail > Authenticate Email`
			`- Copy the TXT record they provide and add it to GoDaddy DNS at [selector]._domainkey`

			`3. DMARC (EXISTS but needs update):`
			- Current: `p=quarantine` with hosting-default rua address
			- Recommended: Update rua to `mailto:teressa@teressacopelandhomes.com`
			- Or add new record: `v=DMARC1; p=none; rua=mailto:teressa@teressacopelandhomes.com`

			`4. SMTP credentials (CRITICAL — MISSING): Update .env.local:`
			- `CONTACT_EMAIL_USER` = your Google/Gmail address (e.g., teressa@teressacopelandhomes.com or Gmail)
			- `CONTACT_EMAIL_PASS` = Google App Password (not your Google account password)
			`- Generate at: https://myaccount.google.com/apppasswords`

			`5. MX records: Configure if not already done via hosting provider (needed for receiving email at the domain).`

			`## Verify with MXToolbox After Changes`
			`- SPF: https://mxtoolbox.com/spf.aspx`
			`- DKIM: https://mxtoolbox.com/dkim.aspx (enter domain + selector)`
			`- DMARC: https://mxtoolbox.com/dmarc.aspx`