I'm trying to figure out how to handle DMARC for two different
customers. If this is already documented somewhere, please point me to
the documentation because I don't think I've seen so far.
Customer 1 is sending work notices to employees in the field. Customer 2
is sending automated messages from different types of monitoring tools
through a single relay server[1] which will adjust the message headers
and sign the message.
In both cases, we want to handle email from the servers separate from
the servers in the parent zone. The parent zones already has DKIM, SPF,
and DKIM record set up for a different set of servers (corporate and
third party marketing).
Can a delegated zone have its own DKIM, SPF and DMARC records? Do I need
to make the from email address be an address within the zone or can it
be an email address from the parent zone?
For example, let's say the parent domain is example.com and the zone is
task.example.com.
Can I set up the dmarc info for the zone something like:
_dmarc.task TXT v=DMARC1; p=none;rua=mailto:task_...@example.com;
fo=0; adkim=r; aspf=r;sp=none
I'm assuming the lack of a '.' after the domain name would do the usual
thing of adding on the parent zone's name. I suspect that the dkim
and spf zone specific records would look something like:
task._domainkey IN TXT "v=DKIM1; k=rsa; " "p=MIGfMA0GCS...."
@ TXT v=spf1 a:task.example.com -all
For email headers, I'm assuming that everything would need to be
@task.example.com with a reply-to: x...@example.com.
how far off base am I?
thanks for guidance.
--- eric
[1] no, it's not an open relay. Addresses are white listed and a
limited number of destinations are permitted. Someday I'll get my client
to move to full signing everywhere and filtering on the signature.
_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
