[dmarc-discuss] DMARC and vanity domains

Terry Zink tzink at microsoft.com
Fri Aug 25 11:25:49 PDT 2017

You could simplify it down to remove the subdomain policy:

"v=DMARC1; p=reject; rua=<...>; fo=1;"

This means that all subdomains will inherit the organizational domain's p=reject. You would only set up DKIM or SPF for the subdomain if you want to send email from it and not fail DMARC.


From: dmarc-discuss [mailto:dmarc-discuss-bounces at dmarc.org] On Behalf Of Marc Luescher via dmarc-discuss
Sent: Friday, August 25, 2017 10:23 AM
To: dmarc-discuss at dmarc.org
Subject: [dmarc-discuss] DMARC and vanity domains

Hi there,

we are setting up a lot of vanity domains to make sure they can not be used for abuse.

main domain fresenius.com
vanity 1 fressenius.com etc

My idea was to just to create a DMARC record like :

v=DMARC1; p=reject; rua=mailto:716767a6 at mxtoolbox.dmarc-report.com,mailto:92ef88808ad6806 at rep.dmarcanalyzer.com,mailto:yjgni57k at ag.dmarcian.com;ruf=mailto:92ef88808ad6806 at for.dmarcanalyzer.com,mailto:yjgni57k at ag.dmarcian.com; sp=reject; fo=1;

for all newly registered vanity domians and to authorize it in the master domain. Would this be best practice or do we need for every vanity domain also a valid SPF and/or DKIM record to be fully compliant. I did not find any guideline how to do this.

Thank you

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://dmarc.org/pipermail/dmarc-discuss/attachments/20170825/b9fcdd24/attachment.html>

More information about the dmarc-discuss mailing list