d4rklynk
commented
11 months ago Like NULL MX, it should be set for every domains and subdomains that do not use email.
Closed d4rklynk closed 11 months ago
d4rklynk
commented
11 months ago Like NULL MX, it should be set for every domains and subdomains that do not use email.
jonatanklosko
commented
11 months ago Done, thanks! We have DMARC with p=quarantine (and without sp) and my understanding is that this also applies to subdomains.
d4rklynk
commented
11 months ago Yes, if spis not specified, p will take over. It's always best practice to specify it though, in case you use quarantine in your apex domain, you should explicitly reject email for subdomains -> sp=reject.
jonatanklosko
commented
11 months ago We do have a subdomain allowed to send emails, so in this case we probably want to handle it the same as apex.
As per the RFC 7208 (Section 10.1.2) You should set spf value to:
live.worldcubeassociation.org. IN TXT "v=spf1 -all"Doing so will fail every email that will be sent from this subdomain since this subdomain is not used for email.
If DMARC on the apex domain is configured to reject email for subdomains (
sp=reject), the email will fail SPF check, so it will not be sent to users.