>Am 25.08.2017 um 19:22 schrieb Marc Luescher via dmarc-discuss:
>> I did not find any guideline how to do this.
>
>https://www.m3aawg.org/documents/en/m3aawg-protecting-parked-domains-best-common-practices
Assuming you mean domains that neither send nor receive e-mail, the M3AAWG
document
is
Marc,
Strictly speaking, you don't need the SPF record; however, I strongly
recommend you publish a "permit none" SPF record as many corporate gateways
that don't support DMARC (or don't have validation enabled) will still
block fraudulent messages based on an SPF record.
v=spf1 -all
Best
Hi Marc,
your idea is right in my opinion.
You do need a valid SPF (but may be a „-all“ thats your choice, because you
don’t send for that domain mails) record. But no DKIM, because you don’t send
emails.
But enough of talking, i think an example helps more:
Domain 1 (master)
_dmarc
You could simplify it down to remove the subdomain policy:
"v=DMARC1; p=reject; rua=<...>; fo=1;"
This means that all subdomains will inherit the organizational domain's
p=reject. You would only set up DKIM or SPF for the subdomain if you want to
send email from it and not fail DMARC.
--Terry
Hi there,
we are setting up a lot of vanity domains to make sure they can not be used
for abuse.
main domain fresenius.com
vanity 1 fressenius.com etc
My idea was to just to create a DMARC record like :
v=DMARC1; p=reject; rua=mailto:71676...@mxtoolbox.dmarc-report.com,