Thank you all for your help. I've set it up as you all suggested (spf
and dmarc entries in dns). This weekend I'm going to do some tests.
Again, thanks!!!!
El 20/08/2019 a las 15:42, Scott Morizot escribió:
On Tue, Aug 20, 2019 at 5:46 AM Ignacio García <y...@ignasi.com
<mailto:y...@ignasi.com>> wrote:
El 20/08/2019 a las 9:28, Marco Davids via bind-users escribió:
> A TXT _dmarc.domain.tld "v=DMARC1; p=reject" might also be useful.
>
Wouldn't that imply having DKIM set up for the domain?
Short answer is no since nothing in DMARC requires DKIM. It requires
that an email has passed *either* an SPF or a DKIM check and if a DKIM
signature is present that it correctly validates. If the SPF policy is
set to reject all and the DMARC policy is set to reject if the checks
fail, that's a pretty good way to explicitly state this domain does no
email whatsoever for anyone who cares. (Speaking as someone who
manages the DNS and DKIM signing at work for a domain that malicious
actors do love so much that I've even seen it used as an example in
some of the DMARC docs. /g )
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users