Remediation: freebsd.org
Scan #659 · 12 Feb 2026, 16:16 UTC · Achievable posture: Low Risk
Provider Quick Guide
- Log in to dash.cloudflare.com and select your domain
- Go to DNS → Records
- Click Add Record
- Select the Type shown below (TXT, CNAME, MX, etc.)
- Paste the Name (host) and Content (value) from each card below
- Set Proxy status to DNS only (grey cloud) for email records
- Click Save
- Log in to dcc.godaddy.com
- Select your domain, then click DNS (or Manage DNS)
- Scroll to DNS Records and click Add New Record
- Select the Type shown below
- In Name, enter the host (use
@for the root domain) - In Value, paste the record value from the card below
- Click Save
- Log in to your DNS hosting provider's control panel
- Navigate to DNS Management or Zone Editor
- Add a new record with the type, host, and value shown in each card below
- For the host field, use
@if your provider requires it for the root domain - Save and allow up to 24–48 hours for propagation (usually much faster)
DNS Records to Add or Update
Change your DMARC policy from p=none to p=quarantine (then p=reject). Review your DMARC aggregate reports first to ensure legitimate senders pass authentication.
Publish an MTA-STS DNS record and host a policy file at https://mta-sts.freebsd.org/.well-known/mta-sts.txt. This tells senders to require TLS when delivering mail to your domain.
Your domain has DNSSEC + DANE — the strongest email transport security available. TLS-RPT adds operational visibility by reporting when sending servers fail DANE validation or encounter STARTTLS issues delivering to your MX hosts. It does not add security — it monitors the security you already have.
Done making changes?
After updating your DNS records, run a new scan to verify everything is correct. DNS changes typically propagate within minutes, but can take up to 48 hours.
Re-Scan freebsd.org