Hi all,
I am new to this list, and will give a short introduction to myself.
I work for the Dutch government as an IT architect. One of my goals is
improving mail security.
As Dutch government we commit to comply to SPF, DKIM, DMARC, DANE and
IPv6 standards.
With this we are challenged to keep the technical environment
manageable.
Some of our government IT partners use CNAME records to refer to DMARC
templates, and we are planning to use the same technique. Using
templates makes it more easy to maintain DNS records.
For private purposes I am running my own mail server using opendmarc
together with postfix, amavis, spamassasin, opendkim and
postfix-policyd-spf.
During testing mail policies that where published using a CNAME, I
noticed opendmarc is not handling the published policies, but is acting
as if no policy was published. To address this issue I have submitted an
issue to the opendmarc project.
https://github.com/trusteddomainproject/OpenDMARC/issues/103
My questions are:
- Is it a common practice to use CNAME DNS record to reference DMARC
templates?
- Is it a known issue opendmarc does not process the published policies
when they are published using a CNAME? If this is caused due to a
software bug, this could be a serious security issue.
Regards,
Jan
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
