The reject will only work when DKIM AND SPF are failing.
So you have to setup SPF too. -all does the magic.
Actually, no. DMARC only passes when DKIM or SPF passes. In the absence
of any SPF, that's not a pass so DMARC will fail.
It's a good idea to publish the SPF -all but in this case DMARC doesn't
depend on it.
On 20/08/2019 20:12, John Levine wrote:
In article <mailman.942.1566297977.711.bind-us...@lists.isc.org>
you write:
El 20/08/2019 a las 9:28, Marco Davids via bind-users escribió:
A TXT _dmarc.domain.tld "v=DMARC1; p=reject" might also be
useful.
Wouldn't that imply having DKIM set up for the domain?
No, of course not.
It says that if mail isn't authenticated, reject it. An excellent
way to be sure you never get DKIM authentication is not to set up
DKIM in the first place.
_______________________________________________ Please visit
https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEdAEe0RRL+gREs9oxGJor1wjGePMFAl1cOzMACgkQGJor1wjG
ePP0iwf/WgLuA+W+9mJfy4Z89cG10lfS7ZnNIZlUfjMmQI1jBMFqKhOnLFG08rzX
fpZ8vx8J52ipvprdvTclaNcv3qha0EGfW+FJwO3bQYv2UC1ufkYHY8AGNNkCUU7o
d42iMmwe9K0faZlJFp6uX0zd0jetafbK6CGkc21fcEMdpi4dRjKVq+pummkuJONl
vQaaxuJ7UYSL9IwdALOUifSxc4zjKHQaIeUTXy9j5cW6gJiYcvP9RVVZkv8/2pIZ
mc2acf4F4tc98idkuPr72sH8e/WEaO8EXbxwgpVjYZfYNT/aiPJakLusXlvuvkqz
EmgCfa/F0xvC1fxJeGHIdx8ysMettw==
=I0/a
-----END PGP SIGNATURE-----
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
