On Tue, Aug 20, 2019 at 5:46 AM Ignacio García <y...@ignasi.com> wrote:
> El 20/08/2019 a las 9:28, Marco Davids via bind-users escribió: > > A TXT _dmarc.domain.tld "v=DMARC1; p=reject" might also be useful. > > > > Wouldn't that imply having DKIM set up for the domain? > > > Short answer is no since nothing in DMARC requires DKIM. It requires that an email has passed *either* an SPF or a DKIM check and if a DKIM signature is present that it correctly validates. If the SPF policy is set to reject all and the DMARC policy is set to reject if the checks fail, that's a pretty good way to explicitly state this domain does no email whatsoever for anyone who cares. (Speaking as someone who manages the DNS and DKIM signing at work for a domain that malicious actors do love so much that I've even seen it used as an example in some of the DMARC docs. /g )
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users