On Wed, 20 Dec 2017, Kurt Andersen (b) wrote:
>> I need to be able to emulate in some way the effect of SPF and DMARC
>> records for non-existent first level subdomains under the PSL gov.uk - to
>> stop spoof mail apparently coming from them being delivered.
>
> I'm quite sure that you will need to do this via synthetic records being
> returned either by the gov.uk name servers or by having gov.uk refer to a
> general "parked domain" name server (farm) for all of the non-existent
> subdomains ...

With your current DNS setup, you could add this, no new name servers needed:

*.gov.uk. IN TXT "v=spf1 -all"
*.gov.uk. IN TXT "v=DMARC1; p=reject; rua=mailto:<something>; ruf=mailto:<something>"

This will cover all undelegated names below gov.uk, e.g. abc.gov.uk and abc.def.gov.uk. It won't cover names under existing subdomains, e.g. abc.mod.gov.uk but it's better than nothing.

Unless the people who host your DNS are willing to let you use customized stunt servers, which seems unlikely considering who they are, that's about the best you can do without getting the cooperation of your delegatees.

Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
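
The coverage described in the message above follows from the DNS wildcard rules in RFC 4592. As an added example (not part of the original message), this simplified model classifies how the parent zone would answer a TXT query; the zone contents, the `resolve` helper and the name `exampledept.gov.uk` are constructed assumptions, with `mod.gov.uk` treated as a delegation as in the message.

```python
# Added example: simplified RFC 4592 wildcard matching for a constructed gov.uk zone.
APEX = ("uk", "gov")  # labels are stored root-first

# Constructed zone contents (assumptions, not real gov.uk data).
OWNERS = ["*.gov.uk", "www.exampledept.gov.uk"]  # names owning records in the zone
DELEGATIONS = ["mod.gov.uk"]                     # zone cuts handed to delegatees

def labels(name):
    """'abc.gov.uk.' -> ('uk', 'gov', 'abc'), lower-cased, root-first."""
    return tuple(reversed(name.lower().rstrip(".").split(".")))

def resolve(qname, owners=OWNERS, delegations=DELEGATIONS):
    """Classify how the parent zone answers a TXT query for qname."""
    q = labels(qname)
    if q[:len(APEX)] != APEX:
        return "out-of-zone"
    cuts = {labels(d) for d in delegations}
    owned = {labels(o) for o in owners} | cuts | {APEX}
    # Every ancestor of an owned name exists too (empty non-terminals).
    existing = {o[:i] for o in owned for i in range(len(APEX), len(o) + 1)}
    # A zone cut at or above qname wins: the parent only refers to the child.
    for i in range(len(APEX) + 1, len(q) + 1):
        if q[:i] in cuts:
            return "referral"
    if q in existing:
        return "exists"  # the name exists, so the wildcard never applies to it
    # Closest encloser: the longest existing ancestor of qname.
    i = len(q) - 1
    while q[:i] not in existing:
        i -= 1
    # Only a wildcard directly below the closest encloser can synthesize an answer.
    return "wildcard" if q[:i] + ("*",) in owned else "nxdomain"

if __name__ == "__main__":
    for name in ("abc.gov.uk", "_dmarc.abc.def.gov.uk", "abc.mod.gov.uk",
                 "exampledept.gov.uk", "_dmarc.exampledept.gov.uk"):
        print(f"{name:28} {resolve(name)}")
```

In this model, a name that exists in the parent zone without being delegated (here the constructed `exampledept.gov.uk`) also blocks the wildcard for everything beneath it, so `_dmarc.exampledept.gov.uk` gets no synthesized record.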
