>Can a delegated zone have its own DKIM, SPF and DMARC records? There's no way to answer this question, because DKIM, SPF, and DMARC have no relationship whatsoever to zone delegations. They're defined in terms of domain names, and zone cuts don't matter.
You can put DKIM, SPF, and DMARC records at any domain name. SPF looks up whatever domain name is in the envelope bounce address, DKIM looks up whatever domain name is in the d= field of the DKIM signature, and DMARC usually looks up the domain in the From: address. The only exception is there is a hack in DMARC such that if the lookup for the DMARC record doesn't find anything, it can look for an "organizational" domain name, typically using the Mozilla Public Suffix List. For example, if the From: address were [email protected] and there were no DMARC record at _dmarc.newjersey.example.com, it could also look for _dmarc.example.com. The organizational domain is chosen by counting dots in the name, not by looking at zone cuts. R's, John _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
