Also note that SPF does not apply to subdomains automatically. What we have done with some financial clients:
- create a wild-card record on the organizational domain with "v=spf1 -all" so it is returned with any subdomain SPF query
- if a subdomain is used for email, create a separate zone with a valid SPF that overrides the wildcard record

As already mentioned, I also think it's good practice for financials to register and protect cousin or look-alike domains, before phishers resort to them because the main domain is protected.

Maarten Oelering

On 9 dec. 2013, at 15:27, Steven M Jones wrote:

> On 12/09/2013 01:49 AM, Andreas Schulze wrote:
>>
>> Google suggest to set a dmarc record for domains not used to send email:
>> http://googleonlinesecurity.blogspot.de/2013/12/internet-wide-efforts-to-fight-email.html?m=1
>>
>>
>> Anybody just doing so?
>> Should I set simple "p=reject" or also request reports?
>
> We're doing so at a major US financial institution (not the one Tim
> mentioned). We're trying to get the creation of empty SPF "-all" and DMARC
> records made standard for all of our non-sending domains.
>
> Ideally this is something that domain management vendors like MarkMonitor
> would be doing automatically...
>
> --Steve.
> _______________________________________________
> dmarc-discuss mailing list
> [email protected]
> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>
> NOTE: Participating in this list means you agree to the DMARC Note Well terms
> (http://www.dmarc.org/note_well.html)
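
An added example, not part of the original message or the list's own material: a small Python model of DNS wildcard matching (RFC 4592) showing which names a wildcard `v=spf1 -all` record like the one described above actually covers. The zone contents, the `example.com` names and all function names are constructed for illustration, and the sending subdomain is modelled as an explicit TXT record rather than a separate zone; it shows that a name already present in the zone (a host with only an A record, or an empty non-terminal) is not answered from the wildcard and needs its own SPF record.

```python
# Constructed zone for the placeholder domain example.com (not data from the thread).
ZONE = {
    "example.com": {"TXT": ["v=spf1 -all"]},
    "*.example.com": {"TXT": ["v=spf1 -all"]},             # the wildcard record
    "mail.example.com": {"TXT": ["v=spf1 ip4:192.0.2.25 -all"]},  # sending subdomain
    "www.example.com": {"A": ["192.0.2.10"]},              # exists, but has no TXT
    "host.dc1.example.com": {"A": ["192.0.2.30"]},         # makes dc1 an empty non-terminal
}


def name_exists(zone, name):
    """True if name owns records or is an ancestor of a name that does."""
    return any(o == name or o.endswith("." + name) for o in zone)


def spf_for(zone, qname):
    """Return the SPF TXT a query for qname would yield, or None."""
    qname = qname.lower().rstrip(".")
    if name_exists(zone, qname):
        owner = qname  # an existing name is never answered from the wildcard
    else:
        # Walk up to the closest existing ancestor; only "*.<that ancestor>" may match.
        encloser = qname
        while encloser and not name_exists(zone, encloser):
            encloser = encloser.partition(".")[2]
        owner = "*." + encloser
    for txt in zone.get(owner, {}).get("TXT", []):
        if txt.lower().split(" ")[0] == "v=spf1":
            return txt
    return None


def uncovered(zone, names):
    """Names for which a receiver would find no SPF policy at all."""
    return [n for n in names if spf_for(zone, n) is None]


if __name__ == "__main__":
    for n in ["random.example.com", "a.b.example.com", "mail.example.com",
              "www.example.com", "dc1.example.com", "x.dc1.example.com"]:
        print(f"{n:22} -> {spf_for(ZONE, n)}")
```

Running `uncovered()` over the list of names that exist in a real zone export gives the set that still needs an explicit `v=spf1 -all` record alongside the wildcard.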
