Remediation: apple.com
Scan #596 · 11 Feb 2026, 17:10 UTC · Achievable posture: Low Risk
Provider Quick Guide
- Log in to dash.cloudflare.com and select your domain
- Go to DNS → Records
- Click Add Record
- Select the Type shown below (TXT, CNAME, MX, etc.)
- Paste the Name (host) and Content (value) from each card below
- Set Proxy status to DNS only (grey cloud) for email records
- Click Save
- Log in to dcc.godaddy.com
- Select your domain, then click DNS (or Manage DNS)
- Scroll to DNS Records and click Add New Record
- Select the Type shown below
- In Name, enter the host (use
@for the root domain) - In Value, paste the record value from the card below
- Click Save
- Log in to your DNS hosting provider's control panel
- Navigate to DNS Management or Zone Editor
- Add a new record with the type, host, and value shown in each card below
- For the host field, use
@if your provider requires it for the root domain - Save and allow up to 24–48 hours for propagation (usually much faster)
DNS Records to Add or Update
Publish an MTA-STS DNS record and host a policy file at https://mta-sts.yourdomain.com/.well-known/mta-sts.txt. This tells senders to require TLS when delivering mail to your domain.
Your DMARC policy is quarantine — spoofed messages are flagged. Upgrading to p=reject blocks them entirely. Review aggregate reports to confirm legitimate senders are aligned.
TLS-RPT (TLS Reporting) sends you reports about TLS connection failures when other servers try to deliver mail to your domain. Helps diagnose MTA-STS and STARTTLS issues.
Manual Configuration Steps
DNSSEC (DNS Security Extensions) cryptographically signs DNS responses, preventing attackers from forging DNS answers. Contact your DNS hosting provider to enable DNSSEC signing.
RFC 4033 §2Done making changes?
After updating your DNS records, run a new scan to verify everything is correct. DNS changes typically propagate within minutes, but can take up to 48 hours.
Re-Scan apple.com