Hi Marc, your idea is right in my opinion.
You do need a valid SPF (but may be a „-all“ thats your choice, because you don’t send for that domain mails) record. But no DKIM, because you don’t send emails. But enough of talking, i think an example helps more: Domain 1 (master) _dmarc IN TXT ("v=DMARC1; p=quarantine; sp=reject; fo=1; aspf=r; adkim=s;" "rua=mailto:dm...@tech-nicks.de; ruf=mailto:dm...@tech-nicks.de;") Domain 2 (no real use) @ IN TXT "v=spf1 -all" _dmarc IN TXT ("v=DMARC1; p=reject; sp=reject; fo=1; aspf=s; adkim=s;" "rua=mailto:dm...@tech-nicks.de; ruf=mailto:dm...@tech-nicks.de;“) But you have to allow other domains receiving reports. For me it is an other domain i own. Domain 3 (where the reports go) (its own dmarc record - left out because does not matter here) tierheilpraxis-nix.de._report._dmarc IN TXT "v=DMARC1" thp-nix.de._report._dmarc IN TXT "v=DMARC1“ So its that what you have written I think. Do not waste time on DKIM - you don’t send, you don’t need it. Hope it helps. Kind regards, Marko > Am 25.08.2017 um 19:22 schrieb Marc Luescher via dmarc-discuss > <dmarc-discuss@dmarc.org>: > > Hi there, > > we are setting up a lot of vanity domains to make sure they can not be used > for abuse. > > main domain fresenius.com > vanity 1 fressenius.com etc > > My idea was to just to create a DMARC record like : > v=DMARC1; p=reject; > rua=mailto:71676...@mxtoolbox.dmarc-report.com,mailto:92ef88808ad6...@rep.dmarcanalyzer.com,mailto:yjgni...@ag.dmarcian.com;ruf=mailto:92ef88808ad6...@for.dmarcanalyzer.com,mailto:yjgni...@ag.dmarcian.com > > <mailto:92ef88808ad6...@rep.dmarcanalyzer.com,mailto:yjgni...@ag.dmarcian.com;ruf=mailto:92ef88808ad6...@for.dmarcanalyzer.com,mailto:yjgni...@ag.dmarcian.com>; > sp=reject; fo=1; > > for all newly registered vanity domians and to authorize it in the master > domain. Would this be best practice or do we need for every vanity domain > also a valid SPF and/or DKIM record to be fully compliant. I did not find any > guideline how to do this. > > Thank you > > Marc > > _______________________________________________ > dmarc-discuss mailing list > dmarc-discuss@dmarc.org > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well terms > (http://www.dmarc.org/note_well.html)
_______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)