I host my own #email on a cheap (<$10/mo) VPS.

Technically, I deployed postfix with the default configuration, published #SPF records and sign with #DKIM.

I am an email expert, but the only experty things I did were to not host on a provider like OVH that seems to specialize in hosting spammers, not to allow my users to send spam, nor to forward spam.

That's all. And my #deliverability is just fine, with no particular effort involved.

When I set up #SPF years ago, I was happy that it blocked so much #spam. Then I moved to requiring matching reverse DNS records (which I still have mixed feelings about) and that blocked all that spam and more.

After several days of having #DKIM and #DMARC verifiers, I observed only one piece of spam being blocked by these (with SPF also failing), while all professional spammers have valid DKIM signatures.

Maybe I should write more #email so I experience my messages being blocked or not.

You've done the right thing by your organization and made sure that #DMARC and #SPF (sender policy framework) records are set in an effort to reduce email spoofing, but all that good work could be undone if the SPF is too permissive in the stated IP range.

Such a situation was pointed out by Can I Phish CEO Sebastian Salla who scanned 1.8 million Australian domain records in search of #email #security snafus.

To read the complete article see:

https://www.zdnet.com/article/check-your-spf-records-wide-ip-ranges-undo-email-security-and-make-for-tasty-phishes/