diff --git a/content/blog/mail_server_alpine_postfix_dovecot_tutorial/index.md b/content/blog/mail_server_alpine_postfix_dovecot_tutorial.md
similarity index 75%
rename from content/blog/mail_server_alpine_postfix_dovecot_tutorial/index.md
rename to content/blog/mail_server_alpine_postfix_dovecot_tutorial.md
index 21240ea..6e9394d 100644
--- a/content/blog/mail_server_alpine_postfix_dovecot_tutorial/index.md
+++ b/content/blog/mail_server_alpine_postfix_dovecot_tutorial.md
@@ -782,292 +782,6 @@ With our setup, we are also able to use STARTTLS on port 143 (incoming) and 587
 
 You should be able to send and receive emails as normal now.
 
-# Set up SPF, DKIM, and DMARC
-
-<abbr title="Sender Policy Framework">SPF</abbr>, <abbr title="DomainKeys Identified Mail">DKIM</abbr>, and <abbr
-title="Domain-based Message Authentication, Reporting and Conformance">DMARC</abbr> records are TXT DNS records that
-protect against people spoofing your domain. Having correctly configured SPF, DKIM, and DMARC records helps your mail
-avoid getting caught by spam filters.
-
-SPF records indicate which hosts or IP addresses are allowed to send email from your domain.
-
-DKIM digitally signs emails with a private key to verify that they came from your server. If someone else without your
-private key sends email from your domain, they wouldn't be able to produce a valid DKIM signature. DKIM public keys are
-published in TXT DNS records, so that any other mail server can verify a signature of an email from your domain.
-
-DMARC records state that your domain uses SPF and DKIM, and that emails sent from your domain should pass SPF and DKIM
-checks.
-
-## Sender Policy Framework
-
-Add a TXT record for your root domain with the contents `v=spf1 mx ~all`, like:
-
-```dns
-revsuine.xyz.                    900   IN TXT   "v=spf1 mx ~all"
-```
-
-In your DNS manager, you would enter:
-
-<!-- html table so that header can be column not row -->
-
-<table>
-    <tr>
-        <th>Name</th>
-        <td><code>@</code></td>
-    </tr>
-    <tr>
-        <th>Type</th>
-        <td><code>TXT</code></td>
-    </tr>
-    <tr>
-        <th>TTL</th>
-        <td>Default (mine is 900)</td>
-    </tr>
-    <tr>
-        <th>TXT data</th>
-        <td><code>v=spf1 mx ~all</code></td>
-    </tr>
-</table>
-
-This is assuming you're sending emails from `domain.com` instead of, e.g. `sub.domain.com`. If your email addresses are
-like `user@sub.domain.com`, you would use `sub` as the name in the DNS record instead of `@`, which denotes the apex
-domain. The same applies for all the DNS records in this section.
-
-Breaking down the TXT data:
-
-<!-- html table bc the last cell is quite long in contents and markdown requires one cell to all be on one line -->
-
-<table>
-    <tr>
-        <th>Part</th>
-        <th>Explanation</th>
-    </tr>
-    <tr>
-        <td><code>v=spf1</code></td>
-        <td>This is an SPF record, and the SPF record version is SPF1.</td>
-    </tr>
-    <tr>
-        <td><code>mx</code></td>
-        <td>All hosts listed in MX records are allowed to send emails from this domain.</td>
-    </tr>
-    <tr>
-        <td><code>~all</code></td>
-        <td>
-            Emails from your domain should only come from hosts specified by your SPF record. Can also be
-            <code>+all</code>, <code>-all</code>, <code>?all</code>, but those are rarely used. <code>-all</code> means
-            that emails not from SPF-approved hosts should be rejected; however, this option can cause valid emails to
-            be rejected if the recipient has multiple SMTP servers, and an email is relayed from one of their SMTP
-            servers to another, for instance if one SMTP server goes down and they have a backup server.
-        </td>
-    </tr>
-</table>
-
-## DomainKeys Identified Mail
-
-### Configure OpenDKIM
-
-OpenDKIM is an open-source implementation of DKIM signing and authentication. You can install it with:
-
-    # apk add opendkim opendkim-utils
-
-You may also want `opendkim-doc` for documentation.
-
-Add the `postfix` user to the `opendkim` group:
-
-    # adduser postfix opendkim
-
-Edit your OpenDKIM config file at `/etc/opendkim/opendkim.conf`. Ensure the following is present (`Canonicalization` is
-likely already there, so just change and uncomment things, and add lines where necessary):
-
-```conf
-Canonicalization        relaxed/simple
-Mode                    sv
-SubDomains              no
-AutoRestart             yes
-AutoRestartRate         10/1M
-Background              yes
-DNSTimeout              5
-SignatureAlgorithm      rsa-sha256
-```
-
-Add the following to the config file:
-
-```conf
-# OpenDKIM user
-# Remember to add user postfix to group opendkim
-UserID             opendkim
-
-# Map domains in From addresses to keys used to sign messages
-KeyTable           refile:/etc/opendkim/key.table
-SigningTable       refile:/etc/opendkim/signing.table
-
-# Hosts to ignore when verifying signatures
-ExternalIgnoreList  /etc/opendkim/trusted.hosts
-
-# A set of internal hosts whose mail should be signed
-InternalHosts       /etc/opendkim/trusted.hosts
-```
-
-Create a directory for OpenDKIM's keys at `/etc/opendkim/keys/`, and ensure the directory is owned by `opendkim` and
-that no one else has read or write access to the keys directory:
-
-    # mkdir /etc/opendkim/keys
-    # chown -R opendkim:opendkim /etc/opendkim
-    # chmod go-rw /etc/opendkim/keys
-
-Create `/etc/opendkim/signing.table` and set its contents to the following:
-
-```
-*@domain.com      default._domainkey.domain.com
-*@*.domain.com    default._domainkey.domain.com
-```
-
-This tells OpenDKIM to use your domain's private key to sign any emails originating from `domain.com` and its
-subdomains. Replace `domain.com` with your domain.
-
-Now create `/etc/opendkim/key.table` and set its contents to:
-
-```
-default._domainkey.domain.com     domain.com:default:/etc/opendkim/keys/domain.com/default.private
-```
-
-Replacing `domain.com` with your domain. This tells OpenDKIM where your private key is stored.
-
-Create `/etc/opendkim/trusted.hosts` and set its contents to
-
-```
-127.0.0.1
-localhost
-
-.domain.com
-```
-
-Similarly, replace `domain.com` with your domain.
-
-### Generate your keys
-
-Create a directory for your domain's keys at `/etc/opendkim/keys/domain.com`. Use `opendkim-genkey` to generate your
-keys:
-
-    # opendkim-genkey -b 2048 -d domain.com -D /etc/opendkim/keys/domain.com -s default -v
-
-Replace `domain.com` with your domain.
-
-Set the owner and permissions of the private key so that only `opendkim` has read and write access to it:
-
-    # chown opendkim:opendkim /etc/opendkim/keys/domain.com/default.private
-    # chmod 600 /etc/opendkim/keys/domain.com/default.private
-
-### Publish your public key in your DNS records
-
-Look at your public key:
-
-    # cat /etc/opendkim/keys/domain.com/default.txt
-
-You'll see something like this:
-
-```
-default._domainkey	IN	TXT	( "v=DKIM1; k=rsa; "
-	 "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7QJxihVsEGhsZBLMxGKCVecIhjINp/zMGH0ExHN5QelxRIKdAHpJ33cZUBEsL0H27/4E8BK9RZ4AOaDMHfIGJ9FybyyD+gHhvKFFHzyts0QpkwLV+3bApsMqSR4ZsSzt3pZvRhQrXaoUds+9CyQBuEGx16PcA2O04/vWlvWhwStJrZWWHDYl2PX3QHfFFSsJaTsiFMwnMECvg"
-	 "a6TdBTcsbcHwfedkoeMv5RQFlKisqCEiJkUYbJaczDA88fcZm21eGW8HiCSwq3324ExfWSwPGVsXAn1Blq/oKklpjXQIwwrphglK//G6AF7M3AAfqBdCvUbkAjs28fJwGqiVxaCwIDAQAB" )  ; ----- DKIM key default for revsuine.xyz
-```
-
-This is what your DNS record should look like. Copy **everything between the brackets** and add it to your DNS record:
-
-<!-- using html table for above reasons of line breaks... -->
-
-<table>
-    <tr>
-        <th>Name</th>
-        <td><code>default._domainkey</code></td>
-    </tr>
-    <tr>
-        <th>Type</th>
-        <td><code>TXT</code></td>
-    </tr>
-    <tr>
-        <th>TTL</th>
-        <td>Default value (mine is 900)</td>
-    </tr>
-    <tr>
-        <th>TXT data</th>
-        <td>
-            What you copied from between the brackets, <em>with all double quotes and extra whitespace (beyond a single
-            space character) removed</em>
-        </td>
-    </tr>
-</table>
-
-So with the above public key, my DNS record is
-
-```dns
-default._domainkey.revsuine.xyz. 900   IN TXT   (
-                                                  "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQ"
-                                                  "EFAAOCAQ8AMIIBCgKCAQEAu7QJxihVsEGhsZBLMx"
-                                                  "GKCVecIhjINp/zMGH0ExHN5QelxRIKdAHpJ33cZU"
-                                                  "BEsL0H27/4E8BK9RZ4AOaDMHfIGJ9FybyyD+gHhv"
-                                                  "KFFHzyts0QpkwLV+3bApsMqSR4ZsSzt3pZvRhQrX"
-                                                  "aoUds+9CyQBuEGx16PcA2O04/vWlvWhwStJrZWWH"
-                                                  "DYl2PX3QHfFFSsJaTsiFMwnMECvg a6TdBTcsbcH"
-                                                  "wfedkoeMv5RQFlKisqCEiJkUYbJaczDA88fcZm21"
-                                                  "eGW8HiCSwq3324ExfWSwPGVsXAn1Blq/oKklpjXQ"
-                                                  "IwwrphglK//G6AF7M3AAfqBdCvUbkAjs28fJwGqi"
-                                                  "VxaCwIDAQAB"
-                                                )
-```
-
-and what I entered into the data field of my DNS manager when adding the record was
-
-```
-v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7QJxihVsEGhsZBLMxGKCVecIhjINp/zMGH0ExHN5QelxRIKdAHpJ33cZUBEsL0H27/4E8BK9RZ4AOaDMHfIGJ9FybyyD+gHhvKFFHzyts0QpkwLV+3bApsMqSR4ZsSzt3pZvRhQrXaoUds+9CyQBuEGx16PcA2O04/vWlvWhwStJrZWWHDYl2PX3QHfFFSsJaTsiFMwnMECvg a6TdBTcsbcHwfedkoeMv5RQFlKisqCEiJkUYbJaczDA88fcZm21eGW8HiCSwq3324ExfWSwPGVsXAn1Blq/oKklpjXQIwwrphglK//G6AF7M3AAfqBdCvUbkAjs28fJwGqiVxaCwIDAQAB
-```
-
-You can now test your DKIM key with:
-
-    # opendkim-testkey -d domain.com -s default -vvv
-
-Don't worry about
-
-```
-opendkim-testkey: key not secure
-```
-
-This just means that DNSSEC isn't enabled for your domain name.
-
-### Use OpenDKIM with Postfix
-
-You can use a Unix socket for this, but I couldn't get the Unix socket to work, so I'll show you how to connect Postfix
-to OpenDKIM using a TCP/IP socket on port 8891 instead.
-
-Edit your OpenDKIM config `/etc/opendkim/opendkim.conf`, and ensure that the following line is present:
-
-```conf
-Socket                  inet:8891@localhost
-```
-
-Also make sure there are no other uncommented `Socket` lines.
-
-Now configure Postfix at `/etc/postfix/main.cf`, and add the following lines:
-
-```conf
-milter_default_action = accept
-milter_protocol = 6
-smtpd_milters = inet:127.0.0.1:8891
-non_smtpd_milters = $smtpd_milters
-```
-
-This uses the Milter extension, which is something that can be used to process mail; in this case, to add headers to
-emails relating to DKIM.
-
-<!-- TODO DMARC section here -->
-
-### Test SPF, DKIM, and DMARC
-
-You can use [mail-tester.com](https://www.mail-tester.com/) and send an email from your domain to check that SPF, DKIM,
-and DMARC are all working for your server.
-
-![Screenshot of mail-tester.com authentication results passing all checks](mail-tester_auth_results.png)
-
 <!-- FOOTNOTES: -->
 
 [^server_trust]: This is only true to the extent that your server is not compromised. You could say there's an order of
diff --git a/content/blog/mail_server_alpine_postfix_dovecot_tutorial/mail-tester_auth_results.png b/content/blog/mail_server_alpine_postfix_dovecot_tutorial/mail-tester_auth_results.png
deleted file mode 100644
index fc95125..0000000
Binary files a/content/blog/mail_server_alpine_postfix_dovecot_tutorial/mail-tester_auth_results.png and /dev/null differ