{"id":362389,"date":"2021-11-04T15:00:31","date_gmt":"2021-11-04T12:00:31","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/setting-up-email-security-cloudsavvy-it\/"},"modified":"2021-11-04T15:00:31","modified_gmt":"2021-11-04T12:00:31","slug":"setting-up-email-security-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/setting-up-email-security-cloudsavvy-it\/","title":{"rendered":"#Setting Up Email Security \u2013 CloudSavvy IT"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a36ea55480dc\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a36ea55480dc\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/setting-up-email-security-cloudsavvy-it\/#SPF\" >SPF<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/setting-up-email-security-cloudsavvy-it\/#Setting_up_SPF\" >Setting up SPF<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/setting-up-email-security-cloudsavvy-it\/#DKIM\" >DKIM<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/setting-up-email-security-cloudsavvy-it\/#Setting_up_DKIM\" >Setting up DKIM<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/buradabiliyorum.com\/en\/setting-up-email-security-cloudsavvy-it\/#DMARC\" >DMARC<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/buradabiliyorum.com\/en\/setting-up-email-security-cloudsavvy-it\/#Summary\" >Summary<\/a><\/li><\/ul><\/nav><\/div>\n<p><strong>&#8220;#Setting Up Email Security \u2013 CloudSavvy IT&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n<figure style=\"width: 1200px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage size-full wp-image-14609\" srcset=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/10\/46feb9e1.jpg?width=398&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 400w, https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/10\/46feb9e1.jpg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 1200w\" sizes=\"auto, 400w, 1200w\" src=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/10\/46feb9e1.jpg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"Graphic of stylized mail and security icons\" width=\"1200\" height=\"675\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"type:primaryImage imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-illustration\/internet-security-concept-251347966\">bluebay\/Shutterstock.com<\/a><\/span><\/figcaption><\/figure>\n<p>DKIM, DMARC, and SPF are the three main mechanisms maintaining the security of emails. The related protocols let you prevent unauthorized servers from sending as your domain and give recipients a way to verify emails really come from you.<\/p>\n<p>In this guide we\u2019ll explore what each <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" data-internallinksmanager029f6b8e52c=\"4\" title=\"Technology\" target=\"_blank\" rel=\"noopener\">technology<\/a> does, why it\u2019s needed, and what you should do to set it up. You\u2019ll need all three pieces to maximize your email server\u2019s deliverability and reputation.<\/p>\n<h2 id=\"spf\"><span class=\"ez-toc-section\" id=\"SPF\"><\/span>SPF<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>We\u2019ll take SPF first as it\u2019s the simplest and oldest item on the list. SPF uses DNS records to define the server IP addresses that can send emails as a domain.<\/p>\n<p>An SPF record typically looks like this:<\/p>\n<pre>v=spf1 ip4:123.123.123.123 ~all<\/pre>\n<p>If this record was set on <code>example.com<\/code>, only the server at <code>123.123.123.123<\/code> would be able to send emails with a <code>FROM: user@example.com<\/code> header. The <code>~all<\/code> excludes all other IP addresses except those in the list.<\/p>\n<p>SPF is enforced by the receiving email server. It\u2019ll check the IP address of the sending server, the domain in the email\u2019s <code>FROM<\/code> header, and the list of permitted senders in that domain\u2019s SPF DNS record. The delivery will be failed if the sending server\u2019s IP isn\u2019t in the list.<\/p>\n<p>SPF distinguishes between \u201csoft\u201d and \u201chard\u201d fails. Writing <code>~all<\/code> in your header indicates a soft fail when an unauthorized sender is encountered; <code>-all<\/code> instructs the receiving server to use a hard fail.<\/p>\n<p>The email will be discarded entirely in a hard fail scenario. Soft fails may permit the email to be delivered to the recipient\u2019s junk folder. Now DMARC is widely available, which we\u2019ll see below, it\u2019s <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/general\/\" data-internallinksmanager029f6b8e52c=\"3\" title=\"General\" target=\"_blank\" rel=\"noopener\">general<\/a>ly recommended to use <code>~all<\/code> (soft fail). This avoids false positives with legitimate emails, hands more control to DMARC, and can aid debugging in later verification stages.<\/p>\n<h3 id=\"setting-up-spf\"><span class=\"ez-toc-section\" id=\"Setting_up_SPF\"><\/span>Setting up SPF<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>It\u2019s easy to configure SPF for your domain. Head to your domain\u2019s control panel, find the section for setting DNS records, and add a new <code>TXT<\/code> record. Write a valid SPF string as the value and save your record.<\/p>\n<p>SPF records support several kinds of whitelist token:<\/p>\n<ul>\n<li><code>ip4:123.123.123.123<\/code> \u2013 Allow the specified IPv4 address.<\/li>\n<li><code>ip6:abcd:1234:90ab:cdef:5678:90de:fabc<\/code> \u2013 Allow the specified IPv6 address.<\/li>\n<li><code>a:example.com<\/code> \u2013 Allow the IP address given by the DNS <code>A<\/code> record for <code>example.com<\/code>.<\/li>\n<li><code>mx:example.com<\/code> \u2013 Allow IP addresses given by one of the DNS <code>MX<\/code> records for <code>example.com<\/code>.<\/li>\n<li><code>include:example.com<\/code> \u2013 Query the SPF record of this domain too and use its whitelist in addition to your direct definitions. Simplifies integration of popular third-party email services.<\/li>\n<li><code>redirect:example.com<\/code> \u2013 Ignore other tokens and use the SPF record advertised by <code>example.com<\/code>.<\/li>\n<\/ul>\n<p>You can combine several sources by adding multiple tokens to your header:<\/p>\n<p><code>v=spf1 ip4:123.123.123.123 include:example.com ~all<\/code><\/p>\n<h2 id=\"dkim\"><span class=\"ez-toc-section\" id=\"DKIM\"><\/span>DKIM<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>DKIM stands for \u201cDomainKeys Identified Mail.\u201d Whereas SPF indicates whether a server can send as your domain, DKIM looks at the emails themselves. It\u2019s a signing system that lets receiving servers trace emails back to their origin.<\/p>\n<p>DKIM helps receiving email servers answer these questions:<\/p>\n<ul>\n<li>Have the email\u2019s headers been modified since leaving the sender?<\/li>\n<li>Has the email\u2019s body been tampered with since leaving the sender?<\/li>\n<li>Is the sending server authorized to send as this domain? <em>(Overlaps with SPF)<\/em><\/li>\n<\/ul>\n<p>The DKIM system offers a way to verify an email is authentic, unmodified, and actually sent by your server. When a DKIM check fails, the receiving server will treat the email as untrustworthy. It\u2019s up to the server to decide what to do with the email. It\u2019s likely it\u2019ll end up in the recipient\u2019s spam folder but it could be dropped entirely.<\/p>\n<h3 id=\"setting-up-dkim\"><span class=\"ez-toc-section\" id=\"Setting_up_DKIM\"><\/span>Setting up DKIM<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>DKIM uses encryption to enable server identity verification. Setting up DKIM requires generation of a public and private keypair. The public key is added to your domain\u2019s DNS records.<\/p>\n<p>The private key is kept secret and becomes part of your mail server\u2019s configuration. The software will use this key to sign each email it sends. When a receiving server gets a new message, it\u2019ll query the domain\u2019s DKIM DNS record and use the public key to check whether the email\u2019s been tampered with.<\/p>\n<p>The exact steps for setting up DKIM will vary depending on the mail transfer agent you\u2019re using. Here\u2019s an example of how to get it working with Postfix:<\/p>\n<pre># Install OpenDKIM implementation&#13;\nsudo apt install opendkim opendkim-tools&#13;\n&#13;\n# Add the Postfix user to the OpenDKIM group&#13;\nsudo gpasswd -a postfix opendkim<\/pre>\n<p>Open <code>\/etc\/opendkim.conf<\/code> and uncomment or add the following lines:<\/p>\n<pre>Canonicalization    relaxed\/simple&#13;\nMode                sv&#13;\nAutoRestart         yes&#13;\nAutoRestartRate     5\/1H&#13;\nSignatureAlgorithm  rsa-sha256&#13;\nUserID              opendkim<\/pre>\n<p>This configures OpenDKIM for use as both a signer of outgoing mail and verifier of incoming messages. Here\u2019s what you\u2019re setting:<\/p>\n<ul>\n<li><strong><code>Canonicalization<\/code><\/strong> \u2013 Defines how strict OpenDKIM is when verifying whether an incoming email has been tampered with. The default is <code>simple<\/code> which permits no modification. This usually results in legitimate emails going missing as messages which inter<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">media<\/a>ry mail servers have slightly modified, such as by tweaking whitespace or line lengths, will be discarded. <code>relaxed\/simple<\/code> allows more non-critical discrepancies.<\/li>\n<li><strong><code>Mode<\/code><\/strong> \u2013 Enable both signing (<code>s<\/code>) and verification (<code>v<\/code>) modes.<\/li>\n<li><strong><code>AutoRestart<\/code> and <code>AutoRestartRate<\/code><\/strong> \u2013 Restart on failure, provided there are no more than five restarts in an hour.<\/li>\n<li><strong><code>SignatureAlgorithm<\/code><\/strong> \u2013 Encryption algorithm to use when signing outgoing messages.<\/li>\n<\/ul>\n<p>Next add the following extra lines to the file:<\/p>\n<pre># Maps domains to the keys used to sign emails&#13;\nKeyTable            refile:\/etc\/opendkim\/key.table&#13;\nSigningTable        refile:\/etc\/opendkim\/signing.table&#13;\n&#13;\n# Ignore these hosts when verifying incoming signatures&#13;\nExternalIgnoreList  \/etc\/opendkim\/trusted.hosts&#13;\n&#13;\n# Internal hosts to enable outgoing mail signing for&#13;\nInternalHosts       \/etc\/opendkim\/trusted.hosts<\/pre>\n<p>Save and close the configuration file. Next create the m<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ing files referenced above:<\/p>\n<pre>sudo mkdir \/etc\/opendkim&#13;\nsudo mkdir \/etc\/opendkim\/keys&#13;\nsudo chown -R opendkim:opendkim \/etc\/opendkim&#13;\nsudo chmod go-rw \/etc\/opendkim\/keys<\/pre>\n<p>Create <code>\/etc\/opendkim\/trusted.hosts<\/code> first:<\/p>\n<pre>127.0.0.1&#13;\nlocalhost&#13;\n&#13;\n*.example.com<\/pre>\n<p>This specifies that emails originating from local addresses or your domain are already trusted.<\/p>\n<p>Open <code>\/etc\/opendkim\/signing.table<\/code> and add the following content:<\/p>\n<pre>*@example.com       default._domainkey.example.com<\/pre>\n<p>This instructs OpenDKIM that messages sent from any <code>example.com<\/code> address should be signed with the <code>default._domainkey.example.com<\/code> key.<\/p>\n<p>Now open <code>\/etc\/opendkim\/key.table<\/code> and add this content:<\/p>\n<pre>default._domainkey.example.com     example.com:default:\/etc\/opendkim\/keys\/example.com\/default.private<\/pre>\n<p>The <code>default._domainkey.example.com<\/code> selector defined above is configured to use the private key at <code>\/etc\/opendkim\/keys\/example.com\/default.private<\/code>. We\u2019ll generate this key next.<\/p>\n<pre>sudo opendkim-genkey -d example.com -D \/etc\/opendkim\/keys\/example.com -s default -v&#13;\nsudo chown opendkim:opendkim \/etc\/opendkim\/keys\/example.com\/default.private&#13;\nsudo chmod 600 \/etc\/opendkim\/keys\/example.com\/default.private<\/pre>\n<p>The key generation command will produce your public and private keys.<\/p>\n<p>Next you need to add the public key as a DNS record on your domain. Open <code>\/etc\/opendkim\/keys\/example.com\/default.txt<\/code>. Copy everything after <code>TXT<\/code> and paste it as the value of your DNS record. Use <code>default._domainkey<\/code> as the DNS hostname as this is the name of the selector used throughout the commands above.<\/p>\n<p>The final step is to connect OpenDKIM to Postfix. Open your OpenDKIM configuration file again and add the following line if it\u2019s not there already:<\/p>\n<pre>Socket      inet:8891@localhost<\/pre>\n<p>This creates a TCP socket which Postfix will use to pass emails to OpenDKIM for signing and verification. Next open your Postfix configuration file, <code>\/etc\/postfix\/main.cf<\/code>:<\/p>\n<pre>milter_protocol = 2&#13;\nmilter_default_action = accept&#13;\nsmtpd_milters = inet:localhost:8891&#13;\nnon_smtpd_milters = inet:localhost:8891<\/pre>\n<p>If the last two lines already exist with comma-separated values, you\u2019ve already got some Postfix filters in use. Add the OpenDKIM filter to the end of the existing list instead of creating a new line. This will ensure OpenDKIM applies in addition to your existing filters.<\/p>\n<p>Now you can restart Postfix (<code>service postfix restart<\/code>) and benefit from DKIM-signed messages. You can check your key\u2019s configured correctly using the <code>opendkim-testkey<\/code> command:<\/p>\n<pre>sudo opendkim-testkey -d example.com -s default -vvv<\/pre>\n<pre>opendkim-testkey: using default configfile \/etc\/opendkim.conf&#13;\nopendkim-testkey: checking key 'default._domainkey.example.com'&#13;\nopendkim-testkey: key secure&#13;\nopendkim-testkey: key OK<\/pre>\n<p>To test an actual email, send a message to <code>check-auth@verifier.port25.com<\/code>. Look for <code>DKIM check: pass<\/code> in the results. If a failure\u2019s indicated, inspect the Postfix log at <code>\/etc\/var\/mail.log<\/code> to look for signing errors.<\/p>\n<pre>==========================================================&#13;\nSummary of Results&#13;\n==========================================================&#13;\nSPF check:          pass&#13;\nDomainKeys check:   neutral&#13;\nDKIM check:         pass<\/pre>\n<h2 id=\"dmarc\"><span class=\"ez-toc-section\" id=\"DMARC\"><\/span>DMARC<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>DMARC is \u201cDomain-Based Message Authentication, Reporting and Conformance.\u201d It\u2019s another protocol for preventing unauthorized use of domain names by sending email servers.<\/p>\n<p>Unlike SPF and DKIM, DMARC gives domain owners a way to specify what happens when an email server receives a message without proper authentication. There are three supported actions:<\/p>\n<ul>\n<li><code>none<\/code> \u2013 The server can continue to deliver the message.<\/li>\n<li><code>quarantine<\/code> \u2013 Deliver the message to junk or spam.<\/li>\n<li><code>reject<\/code> \u2013 Reject and bounce the message.<\/li>\n<\/ul>\n<p>DMARC also provides a reporting mechanism. You can specify a server endpoint that receiving mail servers will call when they get an email purporting to be from your domain. This gives you a cross-internet view of the servers that are sending as your domain.<\/p>\n<p>Here\u2019s an example DMARC DNS record. It should be added as a TXT record against the <code>_dmarc.example.com<\/code> hostname.<\/p>\n<pre>v=DMARC1; p=none; rua=mailto:user@example.com<\/pre>\n<ul>\n<li><strong><code>p=none<\/code><\/strong> \u2013 The <code>p<\/code> tag tells mail servers what to do when an unauthenticated message arrives. Its value must be one of the actions named above.<\/li>\n<li><strong><code>rua=mailto...<\/code><\/strong> \u2013 The <code>rua<\/code> tag instructs servers where to send reporting data to. In this case, it\u2019ll be emailed to you. Reports are generally sent daily and let you monitor for unauthorized sending activity.<\/li>\n<\/ul>\n<p>There are other supported <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/support.google.com\/a\/answer\/2466563\">DMARC tags<\/a> too. These let you define a separate policy action for subdomains, vary the enforcement strictness for SPF and DKIM checks, and configure a percentage of emails which DMARC will apply to.<\/p>\n<h2 id=\"summary\"><span class=\"ez-toc-section\" id=\"Summary\"><\/span>Summary<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>SPF, DKIM, and DMARC are three technologies which enforce security and trust in the email ecosystem. If you\u2019re sending emails from your own server, you should use all three so recipients can verify you\u2019re authorized to use your domain as a from address. This will reduce your risk of deliverability issues.<\/p>\n<p>SPF and DMARC are simple DNS records. DKIM combines a public DNS record with a private key that\u2019s handled by your email server. SPF is for limiting the servers that can send as your domain; DKIM is a newer alternative that includes verification of message integrity.<\/p>\n<p>DMARC provides a way to define what happens when other checks fail. It also adds the previously missing reporting mechanism so domain owners can monitor authentication failures. It\u2019s still relatively young and won\u2019t be supported by all email servers. Nonetheless it is accepted by major providers and is worth setting up as another layer of protection.\n<\/p><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/14608\/dkim-dmarc-and-spf-setting-up-email-security\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#Setting Up Email Security \u2013 CloudSavvy IT&#8221; bluebay\/Shutterstock.com DKIM, DMARC, and SPF are the three main mechanisms maintaining the security of emails. The related protocols let you prevent unauthorized servers from sending as your domain and give recipients a way to verify emails really come from you. In this guide we\u2019ll explore what each technology&#8230;<\/p>\n","protected":false},"author":1,"featured_media":362390,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/10\/46feb9e1.jpg","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-362389","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/362389","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=362389"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/362389\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/362390"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=362389"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=362389"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=362389"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}