It appears that Scott Kitterman <[email protected]> said:
>> For your #2 you seem to be saying that if I send no-reply transactional
>> mail, my DNS would look like this:
>>
>> notify.bigcorp.com. IN MX 0 . /* we don't receive replies */
>>                     IN A 0.0.0.0 /* make the domain exist */
>> _dmarc.notify.bigcorp.com. IN TXT "v=DMARC1; p=reject; ..." /* it's all aligned */
>> s._domainkey.notify.bigcorp.com. IN TXT "v=DKIM1; h=sha256; p=MIIBIjANB..." /* it's signed */
>
>In the current definition one of MX, A, or AAAA needs to return something other
>than NODATA or NXDOMAIN. ...
>This is about if the sp= or np= policy should apply (if defined). I think
>it's reasonable to apply np= if the only thing that makes the domain exist in
>our terms is the null mx (#1). For #2, I think the sp= policy should apply.

The question appears to be whether we believe that null MX means that a domain
never sends mail, as opposed to never receives mail. As we said in RFC 7505
sec 4.2, sending mail from a null MX domain is not a great idea, but it is a
SHOULD NOT, not a MUST NOT.

If you want to say you never send mail, that's SPF -all. I don't think this is
the place to change the semantics.

R's,
John
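
The existence test and the sp=/np= choice discussed in this message, as an added example that is not part of the original message or of any DMARC implementation. It assumes the subdomain publishes no DMARC record of its own, so the organizational domain's record decides; the zone data, the policy record, the function names and the np, sp, p fallback order are assumptions made for illustration.

```python
# Constructed sample data standing in for DNS answers: name -> {type: [rdata]}.
# A missing name models NXDOMAIN; a missing type models NODATA.
ZONE = {
    "bigcorp.com":        {"MX": ["10 mx.bigcorp.com."], "A": ["192.0.2.10"]},
    "notify.bigcorp.com": {"MX": ["0 ."], "A": ["0.0.0.0"]},  # null MX plus A, as quoted
    "parked.bigcorp.com": {"MX": ["0 ."]},                    # null MX and nothing else
}

def answers(name, rrtype):
    return ZONE.get(name.rstrip(".").lower(), {}).get(rrtype, [])

def is_null_mx(name):
    """RFC 7505 null MX: a single MX record with preference 0 and exchange '.'."""
    mx = [r.split() for r in answers(name, "MX")]
    return len(mx) == 1 and mx[0] == ["0", "."]

def exists(name):
    """Current definition quoted in the thread: MX, A or AAAA returns data."""
    return any(answers(name, t) for t in ("MX", "A", "AAAA"))

def only_null_mx(name):
    return is_null_mx(name) and not answers(name, "A") and not answers(name, "AAAA")

def applicable_tag(name, org_domain, tags, null_mx_only_uses_np=False):
    """Return (tag, value) of the policy that applies to mail from `name`.

    tags: parsed DMARC record of org_domain, e.g. {"p": "none", "sp": ...}.
    null_mx_only_uses_np=True models the suggestion in the quoted text that a
    domain existing only through a null MX gets np=; False keeps the current
    definition, under which the null MX alone makes the domain exist.
    """
    if name == org_domain:
        return "p", tags["p"]
    nonexistent = not exists(name) or (null_mx_only_uses_np and only_null_mx(name))
    # Assumed fallback order: np -> sp -> p for non-existent, sp -> p otherwise.
    for tag in (("np", "sp", "p") if nonexistent else ("sp", "p")):
        if tag in tags:
            return tag, tags[tag]

POLICY = {"p": "none", "sp": "quarantine", "np": "reject"}  # constructed record
```

Under the current definition the null MX answer alone counts as data, so `parked.bigcorp.com` gets sp=; only the flagged variant moves it to np=, while the name with an A record gets sp= either way.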
