We have several customers with .agency domains that have their own DMARC record, but their DNS is hosted in different places (Route53, Cloudflare, Godaddy).
You need to troubleshoot with your DNS host to see why the CNAME record for _dmarc did not propagate; it shouldn't be a problem with the TLD. The wildcard that Todd discovered is affecting all the domains that host their DNS in Afternic, not just the .agency ones. Catalin On Fri, 21 Nov 2025 at 17:15, Todd Herr via mailop <[email protected]> wrote: > On Fri, Nov 21, 2025 at 8:40 AM Alex Shakhov | SH Consulting via mailop < > [email protected]> wrote: > >> We are having an issue enforcing DMARC for a domain operating under the >> .agency TLD. Our DMARC configuration is centralized through our internal >> DNS. We manually assigned an identical CNAME value across multiple domains, >> all pointing to the same TXT record. Every domain applied the policy >> successfully except the one on .agency. >> >> At first, we considered DNS propagation delays. However, policies added >> to .agency afterward propagated normally with no delays. >> >> My assumption is that .agency TLD may have restrictions that interfere >> with DMARC enforcement at the domain level. >> >> We don't have data to compare, as this is our first time working with a >> .agency domain. >> >> We submitted a request to Identity Digital (the registry for .agency) a >> few days ago but have not yet received a response. >> >> Has anyone had issues before with .agency TLD from a DMARC enforcement >> standpoint? >> >> > Are you able to share the exact domain name at issue? > > I went looking for oddness in general and thought I'd stumbled across a > wildcard DNS situation: > > $ host -tTXT _dmarc.foo.agency > > _dmarc.foo.agency descriptive text "v=spf1 -all" > > > $ host -tTXT _dmarc.alex.agency > _dmarc.alex.agency descriptive text "v=spf1 -all" > > But it seems that it's not quite a wildcard: > > $ host -tTXT _dmarc.todd.agency > > Host _dmarc.todd.agency not found: 3(NXDOMAIN) > > -- > Todd > > _______________________________________________ > mailop mailing list > [email protected] > https://list.mailop.org/listinfo/mailop >
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
