[dmarc-discuss] DMARC and vanity domains
tzink at microsoft.com
Fri Aug 25 11:25:49 PDT 2017
You could simplify it down to remove the subdomain policy:
"v=DMARC1; p=reject; rua=<...>; fo=1;"
This means that all subdomains will inherit the organizational domain's p=reject. You would only set up DKIM or SPF for the subdomain if you want to send email from it and not fail DMARC.
From: dmarc-discuss [mailto:dmarc-discuss-bounces at dmarc.org] On Behalf Of Marc Luescher via dmarc-discuss
Sent: Friday, August 25, 2017 10:23 AM
To: dmarc-discuss at dmarc.org
Subject: [dmarc-discuss] DMARC and vanity domains
we are setting up a lot of vanity domains to make sure they can not be used for abuse.
main domain fresenius.com
vanity 1 fressenius.com etc
My idea was to just to create a DMARC record like :
v=DMARC1; p=reject; rua=mailto:716767a6 at mxtoolbox.dmarc-report.com,mailto:92ef88808ad6806 at rep.dmarcanalyzer.com,mailto:yjgni57k at ag.dmarcian.com;ruf=mailto:92ef88808ad6806 at for.dmarcanalyzer.com,mailto:yjgni57k at ag.dmarcian.com; sp=reject; fo=1;
for all newly registered vanity domians and to authorize it in the master domain. Would this be best practice or do we need for every vanity domain also a valid SPF and/or DKIM record to be fully compliant. I did not find any guideline how to do this.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dmarc-discuss