http://www.dmarc.org/resources.html
From: Kevin Rehberg <[email protected]<mailto:[email protected]>> Date: Tuesday, March 26, 2013 4:56 PM To: Mike Jones <[email protected]<mailto:[email protected]>> Cc: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: [dmarc-discuss] General Question on DMARC application Hi Mike, Thank you so much for your prompt response. They are not sending any legitimate mail from that subdomain – spam.client.com. Is there a URL or site you recommend that gives instructions on how to publish a DMARC reject policy? Thanks, Kevin From: Mike Jones [mailto:[email protected]] Sent: Tuesday, March 26, 2013 4:33 PM To: Kevin Rehberg Cc: [email protected]<mailto:[email protected]> Subject: Re: [dmarc-discuss] General Question on DMARC application Hi Kevin, Does your client send any legitimate email from the sub-domain currently being abused, spam.client.com<http://spam.client.com> in your example? If the answer is no, they do not send any legitimate email from that sub-domain, then they can certainly publish a DMARC reject policy for spam.client.com<http://spam.client.com> without doing anything related to SPF or DKIM. It might be advisable to take the additional step of setting up an empty -all SPF record for this sub-domain though, again only if they send no legitimate email from it. The answer to your next question is that nothing is to stop them from just switching to another sub-domain and they will probably do that if that domain is valuable enough to spoof. But a DMARC policy published the organizational domain (or parent domain) of client.com<http://client.com> is inherited by all sub-domains unless a sub-domain has it's own DMARC record explicitly published. A DMARC record at the parent domain level can be published with a separate sub-domain policy as well using the 'sp=' tag. Then that policy will be applied to all sub-domains unless a sub-domain has it's own DMAC record explicitly published. Hope this helps! Mike Mike Jones Director, Product Management & Receiver Services Agari [email protected]<mailto:[email protected]> Skype: jnzmike1 703-728-3978 (cell) On Mar 26, 2013, at 3:30 PM, Kevin Rehberg <[email protected]<mailto:[email protected]>> wrote: Hi, I have a client who would like to implement DMARC to offset spoofing. Spammers are sending from one of their subdomains, let’s call it spam.client.com<http://spam.client.com>. My understanding is they would need to apply SPF and DKIM to that subdomain before setting up DMARC. They already have SPF and DKIM in place from their actual sending domain, send.client.com<http://send.client.com>. My question is if they go through the trouble to set up DKIM/SPF/DMARC on the spam.client.com<http://spam.client.com> domain what is to stop the spammer from just changing to another domain like spammers.client.com<http://spammers.client.com>? If I apply the DMARC to their parent domain (client.com<http://client.com>), would that cover all subdomains? Thank you for your help! <image001.jpg> Kevin Rehberg | Account Development Coordinator [email protected]<mailto:[email protected]>| www.bluehornet.com<http://www.bluehornet.com/> Office: 619-342-4362 | Fax: 619-295-1246 2355 Northside Drive Suite B250 | San Diego, CA 92108 <image001.jpg>_______________________________________________ dmarc-discuss mailing list [email protected]<mailto:[email protected]> http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
