DMARC prevents usage of your subdomains in the From: header. SPF doesn't protect it in anyway, it only checks SMTP envelope-from.
25.08.2017 17:11, Cameron Dixon via mailop пишет: > Hello! I have a random question about SPF/DMARC and subdomains. > > openspf.org <http://openspf.org> [1] recommends that non-mail-sending > domains have a "v=spf1 -all" record, which can be pretty onerous if > you have a lot of names published in DNS. > > The DMARC RFC indicates you can set a policy specific for subdomains > [2]. If sp=reject is set at _dmarc.example.tld (and there isn't an > overriding policy at the host itself, since it gets checked first > [3]), would this would be an effective way to disclaim email coming > subdomains and not need to add SPF records across the zone? > > - - - - > Cameron > > > [1] http://www.openspf.org/FAQ/Common_mistakes#all-domains (last > updated 2009) > [2] https://tools.ietf.org/html/rfc7489#section-6.3 > [3] https://tools.ietf.org/html/rfc7489#section-6.6.3 > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop -- Vladimir Dubrovin @Mail.Ru
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
