{"id":3725,"date":"2025-12-30T14:47:59","date_gmt":"2025-12-30T11:47:59","guid":{"rendered":"https:\/\/www.dchost.com\/blog\/mta-sts-tls-rpt-ve-bimi-nedir-e-posta-guvenligi-ve-marka-gorunurlugu-icin-gelismis-dns-ayarlari\/"},"modified":"2025-12-30T14:47:59","modified_gmt":"2025-12-30T11:47:59","slug":"mta-sts-tls-rpt-ve-bimi-nedir-e-posta-guvenligi-ve-marka-gorunurlugu-icin-gelismis-dns-ayarlari","status":"publish","type":"post","link":"https:\/\/www.dchost.com\/blog\/mta-sts-tls-rpt-ve-bimi-nedir-e-posta-guvenligi-ve-marka-gorunurlugu-icin-gelismis-dns-ayarlari\/","title":{"rendered":"MTA\u2011STS, TLS\u2011RPT ve BIMI Nedir? E\u2011Posta G\u00fcvenli\u011fi ve Marka G\u00f6r\u00fcn\u00fcrl\u00fc\u011f\u00fc \u0130\u00e7in Geli\u015fmi\u015f DNS Ayarlar\u0131"},"content":{"rendered":"<div class=\"dchost-blog-content-wrapper\"><div id=\"toc_container\" class=\"toc_transparent no_bullets\"><p class=\"toc_title\">\u0130&ccedil;indekiler<\/p><ul class=\"toc_list\"><li><a href=\"#Eposta_guvenliginde_yeni_katman_MTASTS_TLSRPT_ve_BIMI_neden_onemli\"><span class=\"toc_number toc_depth_1\">1<\/span> E\u2011posta g\u00fcvenli\u011finde yeni katman: MTA\u2011STS, TLS\u2011RPT ve BIMI neden \u00f6nemli?<\/a><\/li><li><a href=\"#Temel_zemin_SPF_DKIM_DMARC_ve_TLSi_dogru_kurmadan_ilerlemeyin\"><span class=\"toc_number toc_depth_1\">2<\/span> Temel zemin: SPF, DKIM, DMARC ve TLS\u2019i do\u011fru kurmadan ilerlemeyin<\/a><\/li><li><a href=\"#MTASTS_nedir_SMTP_icin_zorunlu_TLS_politikasi\"><span class=\"toc_number toc_depth_1\">3<\/span> MTA\u2011STS nedir? SMTP i\u00e7in zorunlu TLS politikas\u0131<\/a><ul><li><a href=\"#MTASTS_neyi_cozer_SPFDMARCtan_farki_nedir\"><span class=\"toc_number toc_depth_2\">3.1<\/span> MTA\u2011STS neyi \u00e7\u00f6zer, SPF\/DMARC\u2019tan fark\u0131 nedir?<\/a><\/li><li><a href=\"#MTASTS_politika_dosyasinin_yapisi\"><span class=\"toc_number toc_depth_2\">3.2<\/span> MTA\u2011STS politika dosyas\u0131n\u0131n yap\u0131s\u0131<\/a><\/li><li><a href=\"#MTASTS_DNS_kaydi_nasil_gorunur\"><span class=\"toc_number toc_depth_2\">3.3<\/span> MTA\u2011STS DNS kayd\u0131 nas\u0131l g\u00f6r\u00fcn\u00fcr?<\/a><\/li><li><a href=\"#MTASTS_modlari_none_testing_enforce\"><span class=\"toc_number toc_depth_2\">3.4<\/span> MTA\u2011STS modlar\u0131: none, testing, enforce<\/a><\/li><li><a href=\"#DCHost_altyapisinda_MTASTS_politikasi_nerede_barinmali\"><span class=\"toc_number toc_depth_2\">3.5<\/span> DCHost altyap\u0131s\u0131nda MTA\u2011STS politikas\u0131 nerede bar\u0131nmal\u0131?<\/a><\/li><\/ul><\/li><li><a href=\"#TLSRPT_nedir_TLS_sorunlari_icin_geri_bildirim_kanali\"><span class=\"toc_number toc_depth_1\">4<\/span> TLS\u2011RPT nedir? TLS sorunlar\u0131 i\u00e7in geri bildirim kanal\u0131<\/a><ul><li><a href=\"#TLSRPT_DNS_kaydi_nasil_tanimlanir\"><span class=\"toc_number toc_depth_2\">4.1<\/span> TLS\u2011RPT DNS kayd\u0131 nas\u0131l tan\u0131mlan\u0131r?<\/a><\/li><li><a href=\"#TLSRPT_raporlarinda_hangi_bilgileri_gorursunuz\"><span class=\"toc_number toc_depth_2\">4.2<\/span> TLS\u2011RPT raporlar\u0131nda hangi bilgileri g\u00f6r\u00fcrs\u00fcn\u00fcz?<\/a><\/li><\/ul><\/li><li><a href=\"#BIMI_nedir_Marka_logonuzu_gelen_kutusuna_tasiyan_DNS_standardi\"><span class=\"toc_number toc_depth_1\">5<\/span> BIMI nedir? Marka logonuzu gelen kutusuna ta\u015f\u0131yan DNS standard\u0131<\/a><ul><li><a href=\"#BIMInin_on_kosullari_Neden_DMARCsiz_BIMI_olmaz\"><span class=\"toc_number toc_depth_2\">5.1<\/span> BIMI\u2019nin \u00f6n ko\u015fullar\u0131: Neden DMARC\u2019s\u0131z BIMI olmaz?<\/a><\/li><li><a href=\"#BIMI_DNS_kaydi_nasil_yazilir\"><span class=\"toc_number toc_depth_2\">5.2<\/span> BIMI DNS kayd\u0131 nas\u0131l yaz\u0131l\u0131r?<\/a><\/li><li><a href=\"#BIMInin_is_faydalari_Neden_ugrasmaya_deger\"><span class=\"toc_number toc_depth_2\">5.3<\/span> BIMI\u2019nin i\u015f faydalar\u0131: Neden u\u011fra\u015fmaya de\u011fer?<\/a><\/li><\/ul><\/li><li><a href=\"#MTASTS_TLSRPT_ve_BIMIyi_birlikte_dusunmek_Katmanli_guvenlik_ve_gorunurluk\"><span class=\"toc_number toc_depth_1\">6<\/span> MTA\u2011STS, TLS\u2011RPT ve BIMI\u2019yi birlikte d\u00fc\u015f\u00fcnmek: Katmanl\u0131 g\u00fcvenlik ve g\u00f6r\u00fcn\u00fcrl\u00fck<\/a><ul><li><a href=\"#Ornek_senaryo_1_KOBI_kurumsal_alan_adi_paylasimli_eposta_altyapisi\"><span class=\"toc_number toc_depth_2\">6.1<\/span> \u00d6rnek senaryo 1: KOB\u0130 kurumsal alan ad\u0131 + payla\u015f\u0131ml\u0131 e\u2011posta altyap\u0131s\u0131<\/a><\/li><li><a href=\"#Ornek_senaryo_2_SaaS_urunu_ayri_gonderim_alan_adi\"><span class=\"toc_number toc_depth_2\">6.2<\/span> \u00d6rnek senaryo 2: SaaS \u00fcr\u00fcn\u00fc + ayr\u0131 g\u00f6nderim alan ad\u0131<\/a><\/li><\/ul><\/li><li><a href=\"#Adim_adim_uygulama_rehberi_DNS_ve_sunucu_tarafinda_neler_yapmalisiniz\"><span class=\"toc_number toc_depth_1\">7<\/span> Ad\u0131m ad\u0131m uygulama rehberi: DNS ve sunucu taraf\u0131nda neler yapmal\u0131s\u0131n\u0131z?<\/a><ul><li><a href=\"#1_DNS_saglayicinizi_ve_otoriteyi_netlestirin\"><span class=\"toc_number toc_depth_2\">7.1<\/span> 1. DNS sa\u011flay\u0131c\u0131n\u0131z\u0131 ve otoriteyi netle\u015ftirin<\/a><\/li><li><a href=\"#2_MTASTS_icin_alt_alan_ve_politika_dosyasini_hazirlayin\"><span class=\"toc_number toc_depth_2\">7.2<\/span> 2. MTA\u2011STS i\u00e7in alt alan ve politika dosyas\u0131n\u0131 haz\u0131rlay\u0131n<\/a><\/li><li><a href=\"#3_TLSRPT_raporlama_adresini_planlayin\"><span class=\"toc_number toc_depth_2\">7.3<\/span> 3. TLS\u2011RPT raporlama adresini planlay\u0131n<\/a><\/li><li><a href=\"#4_BIMI_icin_logo_ve_DMARC_politikasini_hazir_hale_getirin\"><span class=\"toc_number toc_depth_2\">7.4<\/span> 4. BIMI i\u00e7in logo ve DMARC politikas\u0131n\u0131 haz\u0131r hale getirin<\/a><\/li><\/ul><\/li><li><a href=\"#DCHost_altyapisinda_dikkat_etmeniz_gereken_pratik_noktalar\"><span class=\"toc_number toc_depth_1\">8<\/span> DCHost altyap\u0131s\u0131nda dikkat etmeniz gereken pratik noktalar<\/a><\/li><li><a href=\"#Sonuc_Eposta_guvenligini_ve_markanizi_ayni_anda_guclendirmek_mumkun\"><span class=\"toc_number toc_depth_1\">9<\/span> Sonu\u00e7: E\u2011posta g\u00fcvenli\u011fini ve markan\u0131z\u0131 ayn\u0131 anda g\u00fc\u00e7lendirmek m\u00fcmk\u00fcn<\/a><\/li><\/ul><\/div>\n<h2><span id=\"Eposta_guvenliginde_yeni_katman_MTASTS_TLSRPT_ve_BIMI_neden_onemli\">E\u2011posta g\u00fcvenli\u011finde yeni katman: MTA\u2011STS, TLS\u2011RPT ve BIMI neden \u00f6nemli?<\/span><\/h2>\n<p>Alan ad\u0131n\u0131zla g\u00f6nderdi\u011finiz e\u2011postalar\u0131n ger\u00e7ekten al\u0131c\u0131ya g\u00fcvenli \u015fekilde ula\u015f\u0131p ula\u015fmad\u0131\u011f\u0131n\u0131, yol \u00fczerinde \u015fifrelemenin zorlan\u0131p zorlanmad\u0131\u011f\u0131n\u0131 veya markan\u0131z\u0131n gelen kutusunda nas\u0131l g\u00f6r\u00fcnd\u00fc\u011f\u00fcn\u00fc \u00e7o\u011fu zaman web projesinin planlama toplant\u0131s\u0131nda fazla konu\u015fmay\u0131z. SPF, DKIM ve DMARC kay\u0131tlar\u0131n\u0131 kurar, bir kere test eder ve konu kapand\u0131 zannederiz. Oysa bug\u00fcn b\u00fcy\u00fck e\u2011posta sa\u011flay\u0131c\u0131lar\u0131, <strong>MTA\u2011STS<\/strong>, <strong>TLS\u2011RPT<\/strong> ve <strong>BIMI<\/strong> gibi geli\u015fmi\u015f DNS temelli mekanizmalar\u0131 aktif olarak okuyup g\u00fcven puan\u0131n\u0131za ve marka g\u00f6r\u00fcn\u00fcrl\u00fc\u011f\u00fcn\u00fcze g\u00f6re karar veriyor.<\/p>\n<p>Biz DCHost taraf\u0131nda, \u00f6zellikle transactional (\u015fifre s\u0131f\u0131rlama, sipari\u015f bildirimleri) ve pazarlama e\u2011postalar\u0131n\u0131 ayn\u0131 altyap\u0131da \u00e7al\u0131\u015ft\u0131ran m\u00fc\u015fterilerde, SPF\/DKIM\/DMARC\u2019tan sonra ikinci ad\u0131m olarak MTA\u2011STS, TLS\u2011RPT ve BIMI kurulumunun bariz fark yaratt\u0131\u011f\u0131n\u0131 sahada g\u00f6r\u00fcyoruz. Bu makalede, bu \u00fc\u00e7 bile\u015fenin ne yapt\u0131\u011f\u0131n\u0131, nas\u0131l \u00e7al\u0131\u015ft\u0131\u011f\u0131n\u0131 ve alan ad\u0131n\u0131zda hangi DNS kay\u0131tlar\u0131n\u0131 eklemeniz gerekti\u011fini sade ama teknik a\u00e7\u0131dan eksiksiz bi\u00e7imde anlataca\u011f\u0131z. Ayr\u0131ca farkl\u0131 \u00f6l\u00e7eklerde i\u015fletmeler i\u00e7in pratik kurulum stratejileri ve DCHost altyap\u0131s\u0131nda nelere dikkat etmeniz gerekti\u011fini de ad\u0131m ad\u0131m \u00fczerinden ge\u00e7ece\u011fiz.<\/p>\n<h2><span id=\"Temel_zemin_SPF_DKIM_DMARC_ve_TLSi_dogru_kurmadan_ilerlemeyin\">Temel zemin: SPF, DKIM, DMARC ve TLS\u2019i do\u011fru kurmadan ilerlemeyin<\/span><\/h2>\n<p>MTA\u2011STS, TLS\u2011RPT ve BIMI, e\u2011posta g\u00fcvenli\u011finin <em>ikinci katman\u0131<\/em> gibi d\u00fc\u015f\u00fcnebilece\u011finiz, temel ayarlar\u0131n \u00fczerine gelen \u00f6zelliklerdir. Bu y\u00fczden, \u00f6nce \u015fu d\u00f6rt ta\u015f\u0131 sa\u011flam oturtman\u0131z gerekir:<\/p>\n<ul>\n<li><strong>SPF<\/strong>: Hangi IP\u2019lerin\/servislerin alan ad\u0131n\u0131z ad\u0131na e\u2011posta g\u00f6ndermeye yetkili oldu\u011funu tan\u0131mlar.<\/li>\n<li><strong>DKIM<\/strong>: E\u2011postalar\u0131n i\u00e7erik b\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fc ve g\u00f6nderici alan ad\u0131n\u0131 kriptografik imzalarla do\u011frular.<\/li>\n<li><strong>DMARC<\/strong>: SPF\/DKIM sonu\u00e7lar\u0131n\u0131 politika haline getirir ve ba\u015far\u0131s\u0131z do\u011frulanan iletilere nas\u0131l davran\u0131laca\u011f\u0131n\u0131 s\u00f6yler.<\/li>\n<li><strong>TLS<\/strong>: SMTP \u00fczerinden e\u2011posta aktar\u0131l\u0131rken sunucular aras\u0131 trafi\u011fin \u015fifrelenmesini sa\u011flar.<\/li>\n<\/ul>\n<p>Bu temele a\u015fina de\u011filseniz, \u00f6nce <a href=\"https:\/\/www.dchost.com\/blog\/spf-dkim-ve-dmarc-nedir-ozel-alan-adi-ile-e-posta-dogrulamasini-cpanel-ve-vpste-sifirdan-kurmak\/\">SPF, DKIM ve DMARC do\u011frulamas\u0131n\u0131 s\u0131f\u0131rdan kurmay\u0131 anlatt\u0131\u011f\u0131m\u0131z rehbere<\/a> g\u00f6z atman\u0131z\u0131 \u00f6neririz. Ayr\u0131ca PTR (reverse DNS), IP itibar\u0131 ve spam klas\u00f6r\u00fcne d\u00fc\u015fmeme taraf\u0131n\u0131 da <a href=\"https:\/\/www.dchost.com\/blog\/ptr-reverse-dns-kaydi-vps-ipniz-icin-dogru-ayar-ve-e-posta-teslimine-etkisi\/\">PTR (Reverse DNS) kayd\u0131<\/a> ve <a href=\"https:\/\/www.dchost.com\/blog\/e-postalar-neden-spam-klasorune-dusuyor-paylasimli-hosting-ve-vps-icin-teslim-edilebilirlik-kontrol-listesi\/\">e\u2011postalar neden spam klas\u00f6r\u00fcne d\u00fc\u015f\u00fcyor<\/a> makalelerimizle birlikte okursan\u0131z, bu yaz\u0131daki ileri seviye konular \u00e7ok daha anlaml\u0131 hale gelir.<\/p>\n<h2><span id=\"MTASTS_nedir_SMTP_icin_zorunlu_TLS_politikasi\">MTA\u2011STS nedir? SMTP i\u00e7in zorunlu TLS politikas\u0131<\/span><\/h2>\n<p><strong>MTA\u2011STS (Mail Transfer Agent Strict Transport Security)<\/strong>, alan ad\u0131n\u0131z i\u00e7in \u201cBana e\u2011posta g\u00f6nderirken mutlaka ge\u00e7erli bir TLS sertifikas\u0131 ile \u015fifreleme kullan ve sadece \u015fu MX sunucular\u0131na ba\u011flan\u201d diyebildi\u011finiz bir politika mekanizmas\u0131d\u0131r. Ama\u00e7, iki \u00f6nemli riski azaltmakt\u0131r:<\/p>\n<ul>\n<li><strong>TLS downgrade sald\u0131r\u0131lar\u0131<\/strong>: Sald\u0131rgan, iki sunucu aras\u0131ndaki STARTTLS m\u00fczakeresini bozup ileti\u015fimi \u015fifresiz hale getirmeye \u00e7al\u0131\u015fabilir.<\/li>\n<li><strong>MX spoofing \/ ortadaki adam<\/strong>: DNS\u2019te MX cevab\u0131n\u0131 manip\u00fcle edip e\u2011postalar\u0131 sahte bir sunucuya ak\u0131tmaya \u00e7al\u0131\u015fabilir.<\/li>\n<\/ul>\n<p>MTA\u2011STS, iki par\u00e7adan olu\u015fur:<\/p>\n<ol>\n<li>DNS taraf\u0131nda bir <code>_mta-sts.example.com<\/code> TXT kayd\u0131,<\/li>\n<li>HTTPS \u00fczerinden yay\u0131nlanan bir politika dosyas\u0131 (<code>https:\/\/mta-sts.example.com\/.well-known\/mta-sts.txt<\/code>).<\/li>\n<\/ol>\n<h3><span id=\"MTASTS_neyi_cozer_SPFDMARCtan_farki_nedir\">MTA\u2011STS neyi \u00e7\u00f6zer, SPF\/DMARC\u2019tan fark\u0131 nedir?<\/span><\/h3>\n<p>SPF, DKIM ve DMARC daha \u00e7ok <strong>g\u00f6nderici kimli\u011fini<\/strong> ve mesaj b\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fc do\u011frular. MTA\u2011STS ise <strong>ta\u015f\u0131ma katman\u0131n\u0131<\/strong> g\u00fcvene al\u0131r. Yani MTA\u2011STS, \u201cBu alan ad\u0131na giden e\u2011postalar \u015fu MX sunucular\u0131na gider ve bu sunucular TLS\u2019i <em>zorunlu<\/em> tutar\u201d mesaj\u0131n\u0131 yay\u0131nlar.<\/p>\n<p>Bu sayede, SPF ve DKIM ile imzalanm\u0131\u015f me\u015fru bir e\u2011postan\u0131n bile yol \u00fczerinde \u015fifresiz gitmesi veya yanl\u0131\u015f bir MX\u2019e y\u00f6nelmesi engellenmeye \u00e7al\u0131\u015f\u0131l\u0131r.<\/p>\n<h3><span id=\"MTASTS_politika_dosyasinin_yapisi\">MTA\u2011STS politika dosyas\u0131n\u0131n yap\u0131s\u0131<\/span><\/h3>\n<p>Politika dosyas\u0131 d\u00fcz metin bir dosyad\u0131r ve \u015fu formatta olur:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">version: STSv1\nmode: enforce\nmx: mail1.example.com\nmx: mail2.example.com\nmax_age: 604800\n<\/code><\/pre>\n<ul>\n<li><strong>version<\/strong>: \u015eu an i\u00e7in her zaman <code>STSv1<\/code>.<\/li>\n<li><strong>mode<\/strong>: <code>none<\/code>, <code>testing<\/code> veya <code>enforce<\/code> olabilir.<\/li>\n<li><strong>mx<\/strong>: Kabul edilebilir MX host isimleri veya joker desenleri (\u00f6rn. <code>*.example.com<\/code>).<\/li>\n<li><strong>max_age<\/strong>: Saniye cinsinden, g\u00f6nderen sunucunun bu politikay\u0131 ne kadar s\u00fcre hat\u0131rlayaca\u011f\u0131 (\u00f6rn. 604800 \u2248 7 g\u00fcn).<\/li>\n<\/ul>\n<h3><span id=\"MTASTS_DNS_kaydi_nasil_gorunur\">MTA\u2011STS DNS kayd\u0131 nas\u0131l g\u00f6r\u00fcn\u00fcr?<\/span><\/h3>\n<p>DNS taraf\u0131nda genellikle \u015fu \u015fekilde bir TXT kayd\u0131 olu\u015fturursunuz:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">_mta-sts.example.com. 3600 IN TXT &quot;v=STSv1; id=2025010101&quot;\n<\/code><\/pre>\n<ul>\n<li><strong>v=STSv1<\/strong>: Protokol s\u00fcr\u00fcm\u00fc.<\/li>\n<li><strong>id=&#8230;<\/strong>: Politikay\u0131 versiyonlamak i\u00e7in serbest bir alan. Politikay\u0131 de\u011fi\u015ftirdi\u011finizde id de\u011ferini de de\u011fi\u015ftirerek g\u00f6nderici sunucular\u0131n politikay\u0131 yeniden almas\u0131n\u0131 zorlars\u0131n\u0131z.<\/li>\n<\/ul>\n<h3><span id=\"MTASTS_modlari_none_testing_enforce\">MTA\u2011STS modlar\u0131: none, testing, enforce<\/span><\/h3>\n<p>Canl\u0131 sistemde ad\u0131m ad\u0131m ilerlemeniz i\u00e7in \u00fc\u00e7 mod d\u00fc\u015f\u00fcn\u00fclm\u00fc\u015ft\u00fcr:<\/p>\n<ul>\n<li><strong>none<\/strong>: Politika yay\u0131nlan\u0131r ama g\u00f6nderen sunucular bu politikay\u0131 uygulamak zorunda de\u011fildir. Ke\u015fif a\u015famas\u0131 i\u00e7in uygundur.<\/li>\n<li><strong>testing<\/strong>: G\u00f6nderen sunucular politikay\u0131 dener, ba\u015far\u0131s\u0131z olursa d\u00fc\u015f\u00fcrmeden \u00f6nce genelde rapor \u00fcretir. Hatalar\u0131 g\u00f6rmek i\u00e7in idealdir.<\/li>\n<li><strong>enforce<\/strong>: En \u00f6nemli mod. Politika \u015fartlar\u0131 sa\u011flanamazsa g\u00f6nderici sunucular e\u2011postay\u0131 teslim etmemeyi tercih edebilir.<\/li>\n<\/ul>\n<p>Bizim \u00f6nerimiz, \u00fcretim ortam\u0131nda genellikle \u015fu s\u0131rayla ilerlemeniz:<\/p>\n<ol>\n<li><code>mode: none<\/code> ile 1\u20112 hafta yay\u0131nda tutun, DNS ve HTTPS eri\u015fiminin stabil oldu\u011fundan emin olun.<\/li>\n<li><code>mode: testing<\/code>\u2019e ge\u00e7in ve TLS\u2011RPT raporlar\u0131yla hata olup olmad\u0131\u011f\u0131n\u0131 analiz edin.<\/li>\n<li>Hatalar\u0131 \u00e7\u00f6zd\u00fckten sonra <code>mode: enforce<\/code> ile s\u0131k\u0131 \u015fifrelemeyi zorunlu k\u0131l\u0131n.<\/li>\n<\/ol>\n<h3><span id=\"DCHost_altyapisinda_MTASTS_politikasi_nerede_barinmali\">DCHost altyap\u0131s\u0131nda MTA\u2011STS politikas\u0131 nerede bar\u0131nmal\u0131?<\/span><\/h3>\n<p>Politika dosyas\u0131n\u0131n <strong>HTTPS \u00fczerinden eri\u015filebilir<\/strong> olmas\u0131 \u015fart. Bunun i\u00e7in iki tip kurulum g\u00f6r\u00fcrs\u00fcn\u00fcz:<\/p>\n<ul>\n<li><strong>Payla\u015f\u0131ml\u0131 hosting<\/strong>: Alan ad\u0131n\u0131z zaten DCHost \u00fczerindeyse, <code>mta-sts.example.com<\/code> i\u00e7in bir alt alan olu\u015fturup, <code>\/.well-known\/mta-sts.txt<\/code> dosyas\u0131n\u0131 web dizinine koyabilirsiniz.<\/li>\n<li><strong>VPS\/dedicated<\/strong>: Kendi Nginx\/Apache yap\u0131land\u0131rman\u0131z varsa, basit bir sanal host ile sadece bu dosyay\u0131 servis eden hafif bir site kurabilirsiniz. SSL\/TLS sertifikan\u0131z\u0131 <a href=\"https:\/\/www.dchost.com\/blog\/lets-encrypt-ile-ucretsiz-ssl-sertifikasi-kurulumu-cpanel-ve-directadminde-otomatik-yenileme-rehberi\/\">Let\u2019s Encrypt otomasyonu<\/a> ile otomatik yenileyecek \u015fekilde tasarlaman\u0131z\u0131 tavsiye ederiz.<\/li>\n<\/ul>\n<h2><span id=\"TLSRPT_nedir_TLS_sorunlari_icin_geri_bildirim_kanali\">TLS\u2011RPT nedir? TLS sorunlar\u0131 i\u00e7in geri bildirim kanal\u0131<\/span><\/h2>\n<p><strong>TLS\u2011RPT (SMTP TLS Reporting)<\/strong>, di\u011fer e\u2011posta sa\u011flay\u0131c\u0131lar\u0131n\u0131n, alan ad\u0131n\u0131za e\u2011posta g\u00f6ndermeye \u00e7al\u0131\u015f\u0131rken ya\u015fad\u0131klar\u0131 TLS kaynakl\u0131 hatalar\u0131 size toplu raporlar halinde bildirmesini sa\u011flar. Bu raporlar genellikle g\u00fcnl\u00fck veya birka\u00e7 saatte bir gelir ve JSON format\u0131nda \u00f6zet bilgiler i\u00e7erir.<\/p>\n<p>MTA\u2011STS ile birlikte kullan\u0131ld\u0131\u011f\u0131nda, \u201cTLS zorunlu\u201d politikan\u0131z\u0131n sahada ger\u00e7ekten d\u00fczg\u00fcn \u00e7al\u0131\u015f\u0131p \u00e7al\u0131\u015fmad\u0131\u011f\u0131n\u0131 g\u00f6rmeniz i\u00e7in \u00e7ok de\u011ferli bir ara\u00e7t\u0131r.<\/p>\n<h3><span id=\"TLSRPT_DNS_kaydi_nasil_tanimlanir\">TLS\u2011RPT DNS kayd\u0131 nas\u0131l tan\u0131mlan\u0131r?<\/span><\/h3>\n<p>Alan ad\u0131n\u0131z i\u00e7in \u015fu \u015fekilde bir TXT kayd\u0131 olu\u015fturursunuz:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">_smtp._tls.example.com. 3600 IN TXT \n  &quot;v=TLSRPTv1; rua=mailto:tls-report@example.com&quot;\n<\/code><\/pre>\n<ul>\n<li><strong>v=TLSRPTv1<\/strong>: Protokol s\u00fcr\u00fcm\u00fc.<\/li>\n<li><strong>rua=mailto:<\/strong>: Raporlar\u0131n g\u00f6nderilece\u011fi e\u2011posta adres(ler)i. Birden fazla adresi virg\u00fclle ay\u0131rabilirsiniz.<\/li>\n<\/ul>\n<p>Bu adresi, m\u00fcmk\u00fcnse sadece rapor toplamak i\u00e7in ayr\u0131lm\u0131\u015f ve gelen kutusu d\u00fczenli olarak izlenen bir posta kutusuna y\u00f6nlendirin. Baz\u0131 b\u00fcy\u00fck g\u00f6ndericiler g\u00fcnde y\u00fczlerce rapor yollayabilir.<\/p>\n<h3><span id=\"TLSRPT_raporlarinda_hangi_bilgileri_gorursunuz\">TLS\u2011RPT raporlar\u0131nda hangi bilgileri g\u00f6r\u00fcrs\u00fcn\u00fcz?<\/span><\/h3>\n<p>Raporlar\u0131n i\u00e7inde kabaca \u015fu bilgiler yer al\u0131r:<\/p>\n<ul>\n<li>Hangi g\u00f6nderen sunucunun sizin alan ad\u0131n\u0131za e\u2011posta g\u00f6ndermeye \u00e7al\u0131\u015ft\u0131\u011f\u0131,<\/li>\n<li>Hangi <strong>MX hedefi<\/strong> ile konu\u015fmaya \u00e7al\u0131\u015ft\u0131\u011f\u0131,<\/li>\n<li>TLS versiyonu ve kullan\u0131lan \u015fifre paketleri,<\/li>\n<li>Do\u011frulama sorunlar\u0131 (ge\u00e7ersiz sertifika, hostname uyu\u015fmazl\u0131\u011f\u0131 vb.),<\/li>\n<li>Ka\u00e7 teslimat denemesinde sorun oldu\u011fu.<\/li>\n<\/ul>\n<p>Bu veriler sayesinde \u015funlar\u0131 yakalayabilirsiniz:<\/p>\n<ul>\n<li>Yanl\u0131\u015f yap\u0131land\u0131r\u0131lm\u0131\u015f veya s\u00fcresi dolmu\u015f TLS sertifikas\u0131 olan MX sunucular\u0131,<\/li>\n<li>Yanl\u0131\u015f IP\u2019ye \u00e7\u00f6z\u00fclen DNS kay\u0131tlar\u0131,<\/li>\n<li>Belirli bir lokasyondan gelen hatal\u0131 trafik (\u00f6rne\u011fin bozuk bir kurumsal gateway).<\/li>\n<\/ul>\n<p>Daha derin teknik analiz ve \u00f6rnek rapor \u00e7\u0131kt\u0131lar\u0131 i\u00e7in, blogumuzdaki <a href=\"https:\/\/www.dchost.com\/blog\/e-posta-itibarini-kurtarma-rehberi-blacklist-delisting-postmaster-araclari-ve-guvenli-ip-isitma-nasil-kurtarici-olur\/\">postmaster ara\u00e7lar\u0131 ve itibar y\u00f6netimi<\/a> ile birlikte, <a href=\"https:\/\/www.dchost.com\/blog\/e%E2%80%91postada-mta%E2%80%91sts-tls%E2%80%91rpt-ve-dane-teslim-edilebilirligi-nasil-tatli-tatli-yukseltirsin\/\">MTA\u2011STS ve TLS\u2011RPT ile teslim edilebilirli\u011fi art\u0131rmay\u0131 anlatt\u0131\u011f\u0131m\u0131z yaz\u0131y\u0131<\/a> okuman\u0131z\u0131 tavsiye ederiz.<\/p>\n<h2><span id=\"BIMI_nedir_Marka_logonuzu_gelen_kutusuna_tasiyan_DNS_standardi\">BIMI nedir? Marka logonuzu gelen kutusuna ta\u015f\u0131yan DNS standard\u0131<\/span><\/h2>\n<p><strong>BIMI (Brand Indicators for Message Identification)<\/strong>, alan ad\u0131n\u0131zdan g\u00f6nderilen ve belirli g\u00fcvenlik kriterlerini sa\u011flayan e\u2011postalar i\u00e7in, al\u0131c\u0131 taraf posta kutular\u0131nda <strong>marka logonuzun g\u00f6sterilmesini<\/strong> sa\u011flayan bir mekanizmad\u0131r. Teknik olarak BIMI de bir <strong>DNS TXT kayd\u0131<\/strong> ile ba\u015flar; ancak sadece DNS kayd\u0131 yeterli de\u011fildir.<\/p>\n<h3><span id=\"BIMInin_on_kosullari_Neden_DMARCsiz_BIMI_olmaz\">BIMI\u2019nin \u00f6n ko\u015fullar\u0131: Neden DMARC\u2019s\u0131z BIMI olmaz?<\/span><\/h3>\n<p>BIMI\u2019yi, \u201ce\u2011posta g\u00fcvenli\u011fini ciddiye alan markalara verilen g\u00f6r\u00fcn\u00fcrl\u00fck \u00f6d\u00fcl\u00fc\u201d gibi d\u00fc\u015f\u00fcnebilirsiniz. \u00c7o\u011fu b\u00fcy\u00fck sa\u011flay\u0131c\u0131 BIMI g\u00f6stermek i\u00e7in \u015fu \u015fartlar\u0131 arar:<\/p>\n<ul>\n<li><strong>DMARC etkin<\/strong> olmal\u0131 ve politikas\u0131 <code>p=quarantine<\/code> veya <code>p=reject<\/code> seviyesinde olmal\u0131.<\/li>\n<li>SPF ve\/veya DKIM do\u011frulamas\u0131 tutarl\u0131 \u015fekilde ba\u015far\u0131l\u0131 olmal\u0131.<\/li>\n<li>Alan ad\u0131n\u0131z spam\/kimlik av\u0131 a\u00e7\u0131s\u0131ndan k\u00f6t\u00fc itibara sahip olmamal\u0131.<\/li>\n<li>Logo dosyan\u0131z <strong>SVG Tiny PS<\/strong> format\u0131nda, g\u00fcvenli bir HTTPS kayna\u011f\u0131nda bar\u0131nmal\u0131.<\/li>\n<li>Baz\u0131 sa\u011flay\u0131c\u0131lar i\u00e7in ayr\u0131ca <strong>VMC (Verified Mark Certificate)<\/strong> gerekir.<\/li>\n<\/ul>\n<p>DMARC\u2019\u0131 h\u00e2l\u00e2 <code>p=none<\/code> modunda \u00e7al\u0131\u015ft\u0131r\u0131yorsan\u0131z, BIMI ile ilerlemeden \u00f6nce <a href=\"https:\/\/www.dchost.com\/blog\/gelismis-dmarc-ve-bimi-rua-ruf-raporlarindan-marka-gostergesine-nasil-yol-alinir\/\">Geli\u015fmi\u015f DMARC ve BIMI rehberimizde<\/a> anlatt\u0131\u011f\u0131m\u0131z gibi raporlara bakarak DMARC politikan\u0131z\u0131 s\u0131k\u0131la\u015ft\u0131rman\u0131z \u00e7ok kritik.<\/p>\n<h3><span id=\"BIMI_DNS_kaydi_nasil_yazilir\">BIMI DNS kayd\u0131 nas\u0131l yaz\u0131l\u0131r?<\/span><\/h3>\n<p>\u00d6rnek bir BIMI kayd\u0131 \u015fu \u015fekilde g\u00f6r\u00fcn\u00fcr:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">default._bimi.example.com. 3600 IN TXT \n  &quot;v=BIMI1; l=https:\/\/static.example.com\/brand\/logo-bimi.svg; \n   a=https:\/\/static.example.com\/brand\/example-vmc.pem&quot;\n<\/code><\/pre>\n<ul>\n<li><strong>v=BIMI1<\/strong>: Protokol s\u00fcr\u00fcm\u00fc.<\/li>\n<li><strong>l=<\/strong>: Logo URL\u2019si (HTTPS, SVG Tiny PS format\u0131nda).<\/li>\n<li><strong>a=<\/strong>: VMC sertifika URL\u2019si. E\u011fer hen\u00fcz VMC yoksa baz\u0131 sa\u011flay\u0131c\u0131larda <code>a=<\/code> bo\u015f b\u0131rak\u0131labilir; ancak uzun vadede kurumsal markalar i\u00e7in VMC \u00f6nerilir.<\/li>\n<\/ul>\n<p>Logo URL\u2019sini bar\u0131nd\u0131rd\u0131\u011f\u0131n\u0131z altyap\u0131 g\u00fcvenli ve h\u0131zl\u0131 olmal\u0131d\u0131r. Logonun yava\u015f y\u00fcklenmesi, her sorguda sorun \u00e7\u0131karmaz ama marka deneyimini etkileyebilir. Bu dosyay\u0131 DCHost \u00fczerindeki statik bir alan ad\u0131 veya CDN destekli bir alt alan \u00fczerinden sunmak iyi bir pratik olur.<\/p>\n<h3><span id=\"BIMInin_is_faydalari_Neden_ugrasmaya_deger\">BIMI\u2019nin i\u015f faydalar\u0131: Neden u\u011fra\u015fmaya de\u011fer?<\/span><\/h3>\n<p>Teknik a\u00e7\u0131dan bakarsak BIMI, e\u2011posta teslim edilebilirli\u011fini do\u011frudan art\u0131ran bir mekanizma olmaktan ziyade, <strong>g\u00fcven alg\u0131s\u0131n\u0131 ve t\u0131klama oranlar\u0131n\u0131 iyile\u015ftiren<\/strong> bir katmand\u0131r. Ancak \u015funu unutmamak gerekir:<\/p>\n<ul>\n<li>BIMI entegrasyonu i\u00e7in gereken DMARC seviyesi ve d\u00fc\u015f\u00fck spam oran\u0131, dolayl\u0131 olarak teslim edilebilirli\u011finizi zaten yukar\u0131 \u00e7eker.<\/li>\n<li>Gelen kutusunda kurumsal logonuzun g\u00f6r\u00fcnmesi, \u00f6zellikle finansal i\u015flem, e\u2011ticaret veya \u00fcyelik tabanl\u0131 hizmetlerde kullan\u0131c\u0131lar\u0131n \u201cBu ger\u00e7ekten bizim marka m\u0131?\u201d sorusunu daha az sormas\u0131na yard\u0131mc\u0131 olur.<\/li>\n<li>Spam ve oltalama kampanyalar\u0131yla kirlenmi\u015f dikeylerde (\u00f6rne\u011fin kargo\/loji\u0307sti\u0307k, finans, kripto) ger\u00e7ek markalar\u0131n kendini g\u00f6rsel olarak ay\u0131rt etmesi kritik hale gelir.<\/li>\n<\/ul>\n<h2><span id=\"MTASTS_TLSRPT_ve_BIMIyi_birlikte_dusunmek_Katmanli_guvenlik_ve_gorunurluk\">MTA\u2011STS, TLS\u2011RPT ve BIMI\u2019yi birlikte d\u00fc\u015f\u00fcnmek: Katmanl\u0131 g\u00fcvenlik ve g\u00f6r\u00fcn\u00fcrl\u00fck<\/span><\/h2>\n<p>\u015eimdi bu \u00fc\u00e7 mekanizmay\u0131 birlikte ele alal\u0131m. Alan ad\u0131n\u0131z i\u00e7in ideal tabloyu \u015f\u00f6yle \u00f6zetleyebiliriz:<\/p>\n<ul>\n<li>SPF, DKIM, DMARC ve PTR d\u00fczg\u00fcn yap\u0131land\u0131r\u0131lm\u0131\u015f, DMARC politikas\u0131 en az <code>p=quarantine<\/code>.<\/li>\n<li>MTA\u2011STS <code>mode=enforce<\/code> ile aktif, HTTPS politikas\u0131 oturmu\u015f, DNS kay\u0131tlar\u0131 stabil.<\/li>\n<li>TLS\u2011RPT raporlar\u0131 d\u00fczenli olarak toplan\u0131yor, otomatik analiz veya en az\u0131ndan periyodik manuel kontrol yap\u0131l\u0131yor.<\/li>\n<li>BIMI kayd\u0131 eklenmi\u015f, logo URL\u2019si ve (varsa) VMC sertifikas\u0131 sa\u011fl\u0131kl\u0131.<\/li>\n<\/ul>\n<p>B\u00f6yle bir kurulumun pratikte size sa\u011flad\u0131\u011f\u0131 avantajlar:<\/p>\n<ul>\n<li><strong>Ta\u015f\u0131ma katman\u0131 \u015fifrelemesi garanti<\/strong>: E\u2011postalar\u0131n\u0131z, \u015fifrelemesi k\u0131r\u0131lm\u0131\u015f veya sahte MX sunucular\u0131na kolayca d\u00fc\u015fmez.<\/li>\n<li><strong>G\u00f6zlemlenebilirlik<\/strong>: TLS\u2011RPT sayesinde, e\u2011posta trafi\u011finizdeki teknik sorunlar\u0131 ka\u011f\u0131t \u00fczerinde g\u00f6rebilirsiniz.<\/li>\n<li><strong>G\u00fc\u00e7l\u00fc kimlik ve g\u00f6r\u00fcn\u00fcr marka<\/strong>: DMARC + BIMI kombinasyonu ile hem sahtecilik zorla\u015f\u0131r hem de ger\u00e7ek markan\u0131z kullan\u0131c\u0131n\u0131n g\u00f6z\u00fcnde g\u00fc\u00e7lenir.<\/li>\n<\/ul>\n<h3><span id=\"Ornek_senaryo_1_KOBI_kurumsal_alan_adi_paylasimli_eposta_altyapisi\">\u00d6rnek senaryo 1: KOB\u0130 kurumsal alan ad\u0131 + payla\u015f\u0131ml\u0131 e\u2011posta altyap\u0131s\u0131<\/span><\/h3>\n<p>Bir\u00e7ok m\u00fc\u015fterimizde g\u00f6rd\u00fc\u011f\u00fcm\u00fcz basit ama etkili strateji \u015f\u00f6yle:<\/p>\n<ol>\n<li><strong>SPF\/DKIM\/DMARC<\/strong>: DCHost \u00fczerindeki e\u2011posta hizmeti i\u00e7in SPF kayd\u0131n\u0131 tan\u0131mlay\u0131p, DKIM\u2019i panelden aktif ediyoruz. DMARC\u2019\u0131 \u00f6nce <code>p=none<\/code> ile ba\u015flat\u0131p raporlara bak\u0131yoruz.<\/li>\n<li><strong>MTA\u2011STS<\/strong>: Kurumsal web sitesinin bar\u0131nd\u0131\u011f\u0131 hosting hesab\u0131nda <code>mta-sts.example.com<\/code> alt alan\u0131n\u0131 a\u00e7\u0131p, basit bir <code>mta-sts.txt<\/code> dosyas\u0131 servis ediyoruz. DNS\u2019te <code>_mta-sts<\/code> TXT kayd\u0131n\u0131 ekliyoruz.<\/li>\n<li><strong>TLS\u2011RPT<\/strong>: <code>_smtp._tls<\/code> kayd\u0131n\u0131 ekleyip raporlar\u0131 <code>postmaster@<\/code> veya \u00f6zel bir <code>tls-report@<\/code> adresine topluyoruz.<\/li>\n<li><strong>DMARC s\u0131k\u0131la\u015ft\u0131rma<\/strong>: 1\u20112 ay raporlardan yanl\u0131\u015f kaynaklar\u0131 temizledikten sonra DMARC\u2019\u0131 <code>p=quarantine<\/code> ve daha sonra <code>p=reject<\/code> seviyesine \u00e7ekiyoruz.<\/li>\n<li><strong>BIMI<\/strong>: Logo dosyas\u0131n\u0131 statik bir alt alanda bar\u0131nd\u0131r\u0131yor, BIMI TXT kayd\u0131n\u0131 ekliyoruz.<\/li>\n<\/ol>\n<p>Bu a\u015famalar genellikle DNS ve panel eri\u015fimi olan teknik bir ki\u015fiyle, birka\u00e7 toplant\u0131 ve k\u0131sa testlerle tamamlanabiliyor.<\/p>\n<h3><span id=\"Ornek_senaryo_2_SaaS_urunu_ayri_gonderim_alan_adi\">\u00d6rnek senaryo 2: SaaS \u00fcr\u00fcn\u00fc + ayr\u0131 g\u00f6nderim alan ad\u0131<\/span><\/h3>\n<p>E\u011fer SaaS veya y\u00fcksek hacimli transactional e\u2011posta g\u00f6nderen bir yap\u0131n\u0131z varsa, <a href=\"https:\/\/www.dchost.com\/blog\/e-posta-icin-ayri-gonderim-alan-adi-kullanmak-transactional-ve-pazarlama-e-postalari-icin-dogru-domain-ve-dns-stratejisi\/\">ayr\u0131 g\u00f6nderim alan ad\u0131 kullanma stratejisini<\/a> incelemenizi \u00f6neririz. Bu durumda:<\/p>\n<ul>\n<li><code>example.com<\/code> kurumsal alan ad\u0131 olarak kal\u0131r; BIMI, DMARC, MTA\u2011STS burada maksimum seviyede s\u0131k\u0131la\u015ft\u0131r\u0131l\u0131r.<\/li>\n<li><code>mail.example.com<\/code> veya <code>notify.example.com<\/code> gibi bir alt alan sadece transactional\/pazarlama i\u00e7in ayr\u0131l\u0131r.<\/li>\n<li>Bu alt alan i\u00e7in de SPF\/DKIM\/DMARC, MTA\u2011STS, TLS\u2011RPT ayr\u0131 ayr\u0131 tan\u0131mlan\u0131r.<\/li>\n<\/ul>\n<p>B\u00f6ylece ana alan ad\u0131n\u0131z\u0131n itibar\u0131 ve BIMI g\u00f6r\u00fcn\u00fcrl\u00fc\u011f\u00fc, yo\u011fun pazarlama trafi\u011finin olas\u0131 dalgalanmalar\u0131ndan daha az etkilenir.<\/p>\n<h2><span id=\"Adim_adim_uygulama_rehberi_DNS_ve_sunucu_tarafinda_neler_yapmalisiniz\">Ad\u0131m ad\u0131m uygulama rehberi: DNS ve sunucu taraf\u0131nda neler yapmal\u0131s\u0131n\u0131z?<\/span><\/h2>\n<h3><span id=\"1_DNS_saglayicinizi_ve_otoriteyi_netlestirin\">1. DNS sa\u011flay\u0131c\u0131n\u0131z\u0131 ve otoriteyi netle\u015ftirin<\/span><\/h3>\n<p>\u00d6nce hangi platformun alan ad\u0131n\u0131z i\u00e7in <strong>yetkili DNS<\/strong> sa\u011flad\u0131\u011f\u0131n\u0131 netle\u015ftirin. NS kay\u0131tlar\u0131 DCHost\u2019a m\u0131, farkl\u0131 bir DNS servisine mi i\u015faret ediyor? <a href=\"https:\/\/www.dchost.com\/blog\/dns-kayitlari-nedir-a-aaaa-cname-mx-txt-ve-srv-rehberi\/\">DNS kay\u0131t t\u00fcrlerine dair rehberimiz<\/a> bu noktada referans olabilir.<\/p>\n<h3><span id=\"2_MTASTS_icin_alt_alan_ve_politika_dosyasini_hazirlayin\">2. MTA\u2011STS i\u00e7in alt alan ve politika dosyas\u0131n\u0131 haz\u0131rlay\u0131n<\/span><\/h3>\n<ol>\n<li><strong>Alt alan\u0131 olu\u015fturun<\/strong>: <code>mta-sts.example.com<\/code> i\u00e7in bir sanal host veya hosting hesab\u0131 a\u00e7\u0131n.<\/li>\n<li><strong>HTTPS sertifikas\u0131 al\u0131n<\/strong>: Let\u2019s Encrypt veya kurumsal bir SSL ile bu alt alan\u0131 g\u00fcvenceye al\u0131n.<\/li>\n<li><strong>Politika dosyas\u0131n\u0131 ekleyin<\/strong>: Web k\u00f6k dizini alt\u0131nda <code>\/.well-known\/mta-sts.txt<\/code> dosyas\u0131n\u0131 yarat\u0131n. \u0130\u00e7ine minik bir test politikas\u0131 koyun (<code>mode: none<\/code> ile ba\u015flay\u0131n).<\/li>\n<li><strong>DNS TXT kayd\u0131 ekleyin<\/strong>: <code>_mta-sts.example.com<\/code> i\u00e7in <code>v=STSv1; id=2025010101<\/code> gibi bir kay\u0131t ekleyin.<\/li>\n<\/ol>\n<h3><span id=\"3_TLSRPT_raporlama_adresini_planlayin\">3. TLS\u2011RPT raporlama adresini planlay\u0131n<\/span><\/h3>\n<ol>\n<li>Raporlar\u0131 okuyaca\u011f\u0131n\u0131z veya sisteme entegre edece\u011finiz bir e\u2011posta adresi belirleyin (\u00f6rn. <code>tls-report@example.com<\/code>).<\/li>\n<li>DNS\u2019e \u015fu kayd\u0131 ekleyin:<\/li>\n<\/ol>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">_smtp._tls.example.com. 3600 IN TXT \n  &quot;v=TLSRPTv1; rua=mailto:tls-report@example.com&quot;\n<\/code><\/pre>\n<ol start=\"3\">\n<li>\u0130lk raporlar gelmeye ba\u015flad\u0131\u011f\u0131nda sertifika ve ba\u011flant\u0131 hatalar\u0131n\u0131 tespit edin, gerekiyorsa MX taraf\u0131nda TLS yap\u0131land\u0131rman\u0131z\u0131 g\u00fcncelleyin.<\/li>\n<\/ol>\n<h3><span id=\"4_BIMI_icin_logo_ve_DMARC_politikasini_hazir_hale_getirin\">4. BIMI i\u00e7in logo ve DMARC politikas\u0131n\u0131 haz\u0131r hale getirin<\/span><\/h3>\n<ol>\n<li><strong>DMARC\u2019\u0131 s\u0131k\u0131la\u015ft\u0131r\u0131n<\/strong>: Raporlar\u0131 inceledikten sonra <code>p=quarantine<\/code> veya m\u00fcmk\u00fcnse <code>p=reject<\/code> seviyesine ge\u00e7in.<\/li>\n<li><strong>Logo dosyas\u0131n\u0131 olu\u015fturun<\/strong>: Kurumsal logonuzu BIMI uyumlu <strong>SVG Tiny PS<\/strong> format\u0131na d\u00f6n\u00fc\u015ft\u00fcr\u00fcn.<\/li>\n<li><strong>Statik bir alt alan ayarlay\u0131n<\/strong>: \u00d6rne\u011fin <code>brand.example.com<\/code> alt\u0131nda logoyu yay\u0131nlay\u0131n.<\/li>\n<li><strong>VMC durumu<\/strong>: VMC almay\u0131 d\u00fc\u015f\u00fcn\u00fcyorsan\u0131z, marka tescil ve sertifika s\u00fcrecini ba\u015flat\u0131n.<\/li>\n<li><strong>BIMI TXT kayd\u0131n\u0131 ekleyin<\/strong>:<\/li>\n<\/ol>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">default._bimi.example.com. 3600 IN TXT \n  &quot;v=BIMI1; l=https:\/\/brand.example.com\/logo-bimi.svg; a=&quot;\n<\/code><\/pre>\n<p>Daha sonra VMC edindi\u011finizde <code>a=<\/code> alan\u0131na sertifika URL\u2019sini ekleyebilirsiniz.<\/p>\n<h2><span id=\"DCHost_altyapisinda_dikkat_etmeniz_gereken_pratik_noktalar\">DCHost altyap\u0131s\u0131nda dikkat etmeniz gereken pratik noktalar<\/span><\/h2>\n<p>DCHost olarak hem <a href=\"https:\/\/www.dchost.com\/tr\/web-hosting\">payla\u015f\u0131ml\u0131 hosting<\/a> hem de <a href=\"https:\/\/www.dchost.com\/tr\/vps\">VPS<\/a>\/dedicated ve colocation altyap\u0131lar\u0131nda \u00e7al\u0131\u015fan \u00e7ok farkl\u0131 e\u2011posta mimarileri g\u00f6r\u00fcyoruz. MTA\u2011STS, TLS\u2011RPT ve BIMI kurarken \u015fu pratik \u00f6neriler i\u015finizi kolayla\u015ft\u0131r\u0131r:<\/p>\n<ul>\n<li><strong>Tek MX, \u00e7oklu IP kullan\u0131yorsan\u0131z<\/strong>: MTA\u2011STS politikas\u0131nda <code>mx: mail.example.com<\/code> \u015feklinde hostname belirlemeniz yeterli; IP\u2019leri tek tek yazman\u0131z gerekmez.<\/li>\n<li><strong>Failover MX\u2019ler<\/strong>: Yedek MX kay\u0131tlar\u0131n\u0131z (\u00f6rn. <code>mx2.example.com<\/code>) varsa, bunlar\u0131 da MTA\u2011STS politikas\u0131na eklemeyi unutmay\u0131n.<\/li>\n<li><strong>TTL de\u011ferleri<\/strong>: \u0130lk kurulumda DNS TTL de\u011ferlerini g\u00f6rece d\u00fc\u015f\u00fck (300\u2013900 sn) tutup, her \u015fey oturduktan sonra 3600 sn ve \u00fczerine \u00e7\u0131kabilirsiniz.<\/li>\n<li><strong>DNSSEC<\/strong>: E\u011fer alan ad\u0131n\u0131zda DNSSEC aktifse, MTA\u2011STS ve BIMI gibi g\u00fcvenlik kritik TXT kay\u0131tlar\u0131n\u0131n manip\u00fcle edilme riskini daha da d\u00fc\u015f\u00fcrm\u00fc\u015f olursunuz. DNSSEC kurmak isterseniz <a href=\"https:\/\/www.dchost.com\/blog\/dnssec-nedir-ne-ise-yarar-alan-adiniz-ve-hostinginiz-icin-adim-adim-dnssec-kurulum-rehberi\/\">DNSSEC kurulum rehberimize<\/a> g\u00f6z atabilirsiniz.<\/li>\n<li><strong>Log ve metrik takibi<\/strong>: Y\u00fcksek hacimli g\u00f6nderim yap\u0131yorsan\u0131z, MX taraf\u0131nda TLS handshake ve ba\u011flant\u0131 hatalar\u0131n\u0131 takip eden bir monitoring sistemi (Grafana, Prometheus vb.) kurmak faydal\u0131d\u0131r.<\/li>\n<\/ul>\n<h2><span id=\"Sonuc_Eposta_guvenligini_ve_markanizi_ayni_anda_guclendirmek_mumkun\">Sonu\u00e7: E\u2011posta g\u00fcvenli\u011fini ve markan\u0131z\u0131 ayn\u0131 anda g\u00fc\u00e7lendirmek m\u00fcmk\u00fcn<\/span><\/h2>\n<p>Bug\u00fcn rekabet\u00e7i dijital ortamda e\u2011posta, h\u00e2l\u00e2 hem sat\u0131\u015f hem destek hem de g\u00fcvenlik bildirimleri i\u00e7in en kritik kanal. Yaln\u0131zca SPF, DKIM ve DMARC ile yetinmek, g\u00fcvenlik denetimlerinde ve kurumsal marka alg\u0131s\u0131nda art\u0131k yetersiz kal\u0131yor. <strong>MTA\u2011STS ile TLS\u2019i zorunlu k\u0131lmak<\/strong>, <strong>TLS\u2011RPT ile hatalar\u0131 g\u00f6r\u00fcn\u00fcr hale getirmek<\/strong> ve <strong>BIMI ile markan\u0131z\u0131 gelen kutusunda \u00f6ne \u00e7\u0131karmak<\/strong>, alan ad\u0131n\u0131z\u0131 bir \u00fcst lige ta\u015f\u0131yan ad\u0131mlar.<\/p>\n<p>\u0130ster DCHost \u00fczerindeki payla\u015f\u0131ml\u0131 hosting paketlerimizle kurumsal sitenizi bar\u0131nd\u0131r\u0131yor olun, ister kendi VPS\/dedicated veya colocation sunucular\u0131n\u0131zda geli\u015fmi\u015f bir e\u2011posta altyap\u0131s\u0131 \u00e7al\u0131\u015ft\u0131r\u0131yor olun; bu \u00fc\u00e7 mekanizmay\u0131 do\u011fru planlad\u0131\u011f\u0131n\u0131zda:<\/p>\n<ul>\n<li>Ta\u015f\u0131ma katman\u0131nda \u015fifreleme a\u00e7\u0131klar\u0131n\u0131z\u0131 kapat\u0131r,<\/li>\n<li>Olas\u0131 yap\u0131land\u0131rma hatalar\u0131n\u0131 TLS\u2011RPT raporlar\u0131yla erken yakalar,<\/li>\n<li>DMARC ve BIMI sayesinde hem phishing sald\u0131r\u0131lar\u0131na kar\u015f\u0131 markan\u0131z\u0131 g\u00fc\u00e7lendirir hem de kullan\u0131c\u0131lar\u0131n\u0131z\u0131n g\u00f6z\u00fcnde g\u00fcvenilirli\u011finizi art\u0131r\u0131rs\u0131n\u0131z.<\/li>\n<\/ul>\n<p>E\u2011posta altyap\u0131n\u0131z\u0131 ta\u015f\u0131may\u0131, yeni bir g\u00f6nderim alan\u0131 kurgulamay\u0131 veya bu DNS ayarlar\u0131n\u0131 DCHost \u00fczerindeki mevcut hesab\u0131n\u0131zla entegre etmeyi d\u00fc\u015f\u00fcn\u00fcyorsan\u0131z, ekibimiz mimari tasar\u0131m ve ge\u00e7i\u015f plan\u0131 konusunda size destek olmaya haz\u0131r. Mevcut SPF\/DKIM\/DMARC durumunuzu, IP itibar\u0131n\u0131z\u0131 ve olas\u0131 MTA\u2011STS\/BIMI f\u0131rsatlar\u0131n\u0131 birlikte de\u011ferlendirelim; b\u00f6ylece hem g\u00fcvenlik ekibiniz hem de pazarlama taraf\u0131 ayn\u0131 anda kazanm\u0131\u015f olsun.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>\u0130&ccedil;indekiler1 E\u2011posta g\u00fcvenli\u011finde yeni katman: MTA\u2011STS, TLS\u2011RPT ve BIMI neden \u00f6nemli?2 Temel zemin: SPF, DKIM, DMARC ve TLS\u2019i do\u011fru kurmadan ilerlemeyin3 MTA\u2011STS nedir? SMTP i\u00e7in zorunlu TLS politikas\u01313.1 MTA\u2011STS neyi \u00e7\u00f6zer, SPF\/DMARC\u2019tan fark\u0131 nedir?3.2 MTA\u2011STS politika dosyas\u0131n\u0131n yap\u0131s\u01313.3 MTA\u2011STS DNS kayd\u0131 nas\u0131l g\u00f6r\u00fcn\u00fcr?3.4 MTA\u2011STS modlar\u0131: none, testing, enforce3.5 DCHost altyap\u0131s\u0131nda MTA\u2011STS politikas\u0131 nerede bar\u0131nmal\u0131?4 TLS\u2011RPT [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3726,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-3725","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/3725","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/comments?post=3725"}],"version-history":[{"count":0,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/3725\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media\/3726"}],"wp:attachment":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media?parent=3725"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/categories?post=3725"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/tags?post=3725"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}