You could simplify it down to remove the subdomain policy: "v=DMARC1; p=reject; rua=<...>; fo=1;"
This means that all subdomains will inherit the organizational domain's p=reject. You would only set up DKIM or SPF for the subdomain if you want to send email from it and not fail DMARC. --Terry From: dmarc-discuss [mailto:[email protected]] On Behalf Of Marc Luescher via dmarc-discuss Sent: Friday, August 25, 2017 10:23 AM To: [email protected] Subject: [dmarc-discuss] DMARC and vanity domains Hi there, we are setting up a lot of vanity domains to make sure they can not be used for abuse. main domain fresenius.com vanity 1 fressenius.com etc My idea was to just to create a DMARC record like : v=DMARC1; p=reject; rua=mailto:[email protected],mailto:[email protected],mailto:[email protected];ruf=mailto:[email protected],mailto:[email protected]; sp=reject; fo=1; for all newly registered vanity domians and to authorize it in the master domain. Would this be best practice or do we need for every vanity domain also a valid SPF and/or DKIM record to be fully compliant. I did not find any guideline how to do this. Thank you Marc
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
