[dmarc-discuss] Suggested DMARC policy for PEC (Italian certified e-mail)

Al Iverson aiverson at wombatmail.com
Thu Feb 15 07:47:08 PST 2018


On the flip side of that, you might want to consider implementing p=reject
on the PEC sub-domain, since perhaps you don't want to deliver mail
claiming to be PEC mail if authentication fails. Wouldn't the three primary
reasons for DMARC failure be, DKIM signature mangling, email forwarding, or
spoofing? Only one of those (email forwarding) are likely to be legit/safe
messages.

Cheers,
Al Iverson

On Thu, Feb 15, 2018 at 9:40 AM, Todd Weltz via dmarc-discuss <
dmarc-discuss at dmarc.org> wrote:

> Hi Denis,
>
> For now, rather than leaving all sub-domains open, I would recommend
> publishing an explicit record for pec.salicetti.it with a p=none and
> setting salicetti.it back to sp=reject.  This will put the reject policy
> back in place for all other potential sub-domains, but the explicit record
> for pec.salicetti.it will mean that it will not inherit the sub-domain
> policy from salicetti.it
>
> It sounds like deliverability is absolutely critical on these messages so
> possibly you wouldn't move forward with a stronger DMARC policy on this
> sub-domain.  But potentially you could check with the Certified Email
> Provider to see if they have options to authenticate the mail.
>
> Regards,
> Todd Weltz
>
> On Thu, Feb 15, 2018 at 9:02 AM, Denis Salicetti via dmarc-discuss <
> dmarc-discuss at dmarc.org> wrote:
>
>> Hi,
>> I need a suggestion about a particular thing.
>>
>> In Italy, there is a "special" type of e-mail called PEC (certified
>> e-mail). This is the equivalent of a traditional registered mail with
>> return receipt. It is mandatory for all companies (legal stuff between them
>> or government). Basically, you get an electronic receipt every time a
>> message has been received by recipient's domain server (as a proof that you
>> got the message). More info here: https://en.wikipedia.org/wiki/
>> Certified_email
>>
>> The address format must be email at pec.domain.it
>>
>> I always used this configuration for salicetti.it (sp=reject; p=reject)
>> with no problem, but now I have to decide what to do for pec.salicetti.it.
>> For the moment I've changed it with (sp=none; p=reject).
>>
>> Said that I would like to know how to setup correctly DMARC policy for
>> this subdomain (pro and con). What do you suggest? Did any Italian members
>> of this list do that so far?
>>
>> I'm looking forward to your kind reply.
>>
>> Best regards.
>>
>> Denis Salicetti
>>
>> _______________________________________________
>> dmarc-discuss mailing list
>> dmarc-discuss at dmarc.org
>> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>>
>> NOTE: Participating in this list means you agree to the DMARC Note Well
>> terms (http://www.dmarc.org/note_well.html)
>>
>
>
>
> --
> Todd Weltz, Customer Success Engineer
> tweltz at agari.com  l M: 416.471.8633 <(416)%20471-8633> l www.agari.com
> Changing Email Security For Good
>
> _______________________________________________
> dmarc-discuss mailing list
> dmarc-discuss at dmarc.org
> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>
> NOTE: Participating in this list means you agree to the DMARC Note Well
> terms (http://www.dmarc.org/note_well.html)
>



-- 
al iverson // wombatmail // miami
http://www.aliverson.com
http://www.spamresource.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://dmarc.org/pipermail/dmarc-discuss/attachments/20180215/26e1919e/attachment-0001.html>


More information about the dmarc-discuss mailing list