Hi, Franck,
On 12/10/2013 10:40 PM, Franck Martin wrote:
On Dec 10, 2013, at 11:39 AM, John Levine <[email protected]> wrote:
Suggest following this thread from 2007.
http://mipassoc.org/pipermail/ietf-dkim/2007q2/007663.html
That's the null MX proposal. I resuscitated Mark Delany's draft in
July, and I suppose I might nudge Murray to see if appsawg would
accept it, but it's a separate issue.
For DMARC, what advice can we offer beyond publishing SPF -all and DKIM
p=reject? (Normally I'm not a big fan of p=reject, but this is a
place where it's clearly appropriate.)
I propose to add something along these lines in the DMARC FAQ.
I have parked domains that do not send emails, how can I protect them?
First create a DMARC record on your main domain (example.com) for all your
parked domains:
_dmarc.parked.example.com TXT "v=DMARC1; p=reject; rua=mailto:[email protected];"
If example.net is a parked domain you can then protect it this way:
_dmarc.example.net CNAME _dmarc.parked.example.com
example.net TXT "v=spf1 -all"
*.example.net TXT "v=spf1 -all"
The CNAME allows you to control in one place all your parked domains. If you
want, for instance, to start receiving failure reports for all your parked
domains, you just need to update one DNS record. In the example above the
record becomes:
_dmarc.parked.example.com TXT "v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected];"
This will update all the domains using this CNAME.
Are you sure that all DNS implementations (both client and server)
support this construct (client requests TXT record, server returns
CNAME, client interprets CNAME, client requests TXT record for aliased
domain)? AFAICS it's not violating any (DNS) standards...
/rolf
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
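
The lookup sequence asked about above (TXT query, CNAME answer, second TXT query at the alias target), as an added example that is not part of the original thread. The in-memory zone, the report mailbox and all function names are constructed for illustration, and the wildcard handling is a simplification of real DNS behaviour.

```python
# Constructed zone mirroring the records proposed in the thread; the report
# mailbox is a placeholder, not an address taken from the message.
ZONE = {
    ("_dmarc.parked.example.com", "TXT"): ["v=DMARC1; p=reject; rua=mailto:reports@example.com;"],
    ("_dmarc.example.net", "CNAME"): ["_dmarc.parked.example.com"],
    ("example.net", "TXT"): ["v=spf1 -all"],
    ("*.example.net", "TXT"): ["v=spf1 -all"],
}

def lookup(zone, name, rtype):
    """Server side, simplified: exact owner name first, then a wildcard."""
    name = name.rstrip(".").lower()
    owned = {t: v for (n, t), v in zone.items() if n == name}
    if not owned:  # a wildcard only answers for names that own no records
        labels = name.split(".")
        for i in range(1, len(labels)):
            wild = "*." + ".".join(labels[i:])
            owned = {t: v for (n, t), v in zone.items() if n == wild}
            if owned:
                break
    if "CNAME" in owned and rtype != "CNAME":
        return "CNAME", owned["CNAME"]  # alias is returned instead of the TXT
    return rtype, owned.get(rtype, [])

def resolve_txt(zone, name, max_hops=8):
    """Client side: request TXT, follow any CNAME, request TXT at the target."""
    chain = [name]
    for _ in range(max_hops):
        rtype, data = lookup(zone, chain[-1], "TXT")
        if rtype != "CNAME":
            return chain, data
        chain.append(data[0])
    raise RuntimeError("CNAME loop or chain too long: " + " -> ".join(chain))

def parse_tags(record):
    """Split a 'tag=value; tag=value' DMARC record into a dict."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip(): v.strip() for k, v in pairs}

def check_parked(zone, domain):
    """Report what a receiver would see for a parked domain."""
    chain, txts = resolve_txt(zone, "_dmarc." + domain)
    dmarc = [parse_tags(t) for t in txts if t.startswith("v=DMARC1")]
    _, spf = resolve_txt(zone, domain)
    return {
        "cname_chain": chain,
        "dmarc_policy": dmarc[0].get("p") if len(dmarc) == 1 else None,
        "spf_hard_fail": any(t.split() == ["v=spf1", "-all"] for t in spf),
    }
```

Calling `check_parked(ZONE, "example.net")` shows the two-step chain and the resulting `p=reject`. The wildcard SPF record never answers for `_dmarc.example.net`, because that name already owns the CNAME.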