I am trying to collect some data about the use of security measures in an email server in your home or with a provider where you do your own configuration. Apart from doing malware checking on incoming messages, there are more measures you can take to protect the email with your own email server.

The first measure is SPF checking, which means that you check that an incoming email really comes from the server it should come from. The owner of that server entered a so-called SPF TXT record in the DNS to indicate which server(s) are allowed to send messages with that domain name in the From address. You can do the same by having such a TXT record in the DNS with your domain. Obviously you rely on others to check this SPF TXT record. There might come a time when email that cannot be checked this way will be refused or at least go into the spam folder.

A second measure is DKIM checking and signing. When you inspect messages from gmail.com you will see that these messages contain DKIM signatures. The measure you take is that you check whether the incoming signed message really comes with a proper signature and has not been tampered with (the content, including headers, is signed). But you can do the same. You can sign outgoing messages with your DKIM signature. This means that you sign your messages with your private key and the public key is in the DNS of your domain. Signing messages this way makes it more likely that your messages are accepted. I did receive returned messages because they did not have a DKIM signature or could not be checked using SPF.

The third measure is DMARC. This is also twofold: checking, and providing a DMARC TXT record in the DNS of your domain. A DMARC record indicates what receiving servers should do with SPF and DKIM checks. So you have some control over what will be done when checks fail or partly fail (when the From address contains a subdomain of your domain).

Please indicate whether you are interested in a script to implement these measures.
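
Added example, not part of the original post and not the script it mentions: a sketch of how a receiving server could turn a DMARC TXT record plus the SPF and DKIM results into a decision, including the subdomain case. The domain example.org, the sample record and the function names are constructed for illustration; it assumes the record was fetched from `_dmarc.<org_domain>` and ignores the `pct` tag.

```python
# Constructed sample record; example.org is a placeholder domain.
SAMPLE = "v=DMARC1; p=reject; sp=quarantine; adkim=s; rua=mailto:dmarc@example.org"

def parse_dmarc(txt):
    """Split a DMARC TXT record into a dict of tag -> value."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC record")
    return tags

def aligned(auth_domain, from_domain, org_domain, mode):
    """Strict ('s'): exact match. Relaxed ('r', default): same organizational domain."""
    if mode.lower() == "s":
        return auth_domain == from_domain
    def in_org(domain):
        return domain == org_domain or domain.endswith("." + org_domain)
    return in_org(auth_domain) and in_org(from_domain)

def dmarc_disposition(record, org_domain, from_domain, spf, dkim):
    """Return 'pass' or the policy ('none', 'quarantine', 'reject') the owner asks for.

    spf  = (result, envelope sender domain the SPF check was done for)
    dkim = (result, d= domain of the verified signature)
    """
    tags = parse_dmarc(record)
    org_domain, from_domain = org_domain.lower(), from_domain.lower()
    spf_ok = spf[0] == "pass" and aligned(
        spf[1].lower(), from_domain, org_domain, tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(
        dkim[1].lower(), from_domain, org_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:  # one aligned pass is enough
        return "pass"
    # From address on a subdomain: sp= overrides p= when it is present
    if from_domain != org_domain and "sp" in tags:
        return tags["sp"].lower()
    return tags["p"].lower()
```

A message that passes SPF only for an unrelated bounce domain still fails DMARC here, because the passing domain does not align with the From address.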