The acceptance email I got today came from a dreamhost but they are not in your SPF record, lemmy.ml spf record should look like this
{v=spf1 ip4:51.38.185.90 include:netblocks.dreamhost.com include:relay.mailchannels.net include:spf.improvmx.com ~all}
If you are no longer sending mail from 51.38.185.90 or improvmx, those should be removed
The grab the DKIM records
Select Manage websites
Click DNS
Locate this record
and enter it as a TXT value to your nameservers. This is a public key, your mail server signs the emails in the header with a private key so when a recipient receives the mail it is able to decrypt the signature with the public key in DNS validating the mail.
Finally add a DMARC record
_dmarc.lemmy.ml
make it another TXT record with the value "v=DMARC1; p=none"
This doesn't set a dmarc policy for your domain but tells other servers you know what you are doing and lowers the chances that you are sending spam. You can sign up for a dmarc conformance service like mailhardener.com or something and publish their dashboard to see the delivery statistics if you want to move the policy to quarantine or reject which would be the ideal state.
Deleted this, I'm using a forwarding service lol and I fucked up.