Proper Way to Configure a Domain which never sends emails
Ignacio García
yo at ignasi.com
Fri Aug 23 07:01:52 UTC 2019
Thank you all for your help. I've set it up as you all suggested (spf
and dmarc entries in dns). This weekend I'm going to do some tests.
Again, thanks!!!!
El 20/08/2019 a las 15:42, Scott Morizot escribió:
> On Tue, Aug 20, 2019 at 5:46 AM Ignacio García <yo at ignasi.com
> <mailto:yo at ignasi.com>> wrote:
>
> El 20/08/2019 a las 9:28, Marco Davids via bind-users escribió:
> > A TXT _dmarc.domain.tld "v=DMARC1; p=reject" might also be useful.
> >
>
> Wouldn't that imply having DKIM set up for the domain?
>
>
>
> Short answer is no since nothing in DMARC requires DKIM. It requires
> that an email has passed *either* an SPF or a DKIM check and if a DKIM
> signature is present that it correctly validates. If the SPF policy is
> set to reject all and the DMARC policy is set to reject if the checks
> fail, that's a pretty good way to explicitly state this domain does no
> email whatsoever for anyone who cares. (Speaking as someone who
> manages the DNS and DKIM signing at work for a domain that malicious
> actors do love so much that I've even seen it used as an example in
> some of the DMARC docs. /g )
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20190823/73d4f5e9/attachment.html>
More information about the bind-users
mailing list