Roland Turner wrote: > Petr Novák, > >> in this specific case I was just testing our mail server with all >> possible DMARC settings and I always tried the same test case on gmail >> to see how they handle that. > > And thereby surfaced a bug in Gmail's error messages, very cool! > >> I actually used "p=reject sp=none" on one domain for a while. The >> problem was I managed mail server for the main domain but I didnt have >> access to any of the subdomains. It took some time to find out which >> subdomains are used for sending emails and create their own p=none DMARC >> policies. > > Surely all of that subdomain sending information would have been visible to > you in aggregate DMARC reports within days of publishing a p=none record > for the parent domain, long before you reached the point where you could > safely > switch to p=reject?
Oh, do you mean that you did not have access to the subdomains in the mail-server, in the DNS, or both? - Roland
_______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)