Proper Way to Configure a Domain which never sends emails
John R. Levine
johnl at iecc.com
Tue Aug 20 19:08:08 UTC 2019
> The reject will only work when DKIM AND SPF are failing.
> So you have to setup SPF too. -all does the magic.
Actually, no. DMARC only passes when DKIM or SPF passes. In the absence
of any SPF, that's not a pass so DMARC will fail.
It's a good idea to publish the SPF -all but in this case DMARC doesn't
depend on it.
> On 20/08/2019 20:12, John Levine wrote:
>> In article <mailman.942.1566297977.711.bind-users at lists.isc.org>
>> you write:
>>> El 20/08/2019 a las 9:28, Marco Davids via bind-users escribió:
>>>> A TXT _dmarc.domain.tld "v=DMARC1; p=reject" might also be
>>>> useful.
>>
>>> Wouldn't that imply having DKIM set up for the domain?
>>
>> No, of course not.
>>
>> It says that if mail isn't authenticated, reject it. An excellent
>> way to be sure you never get DKIM authentication is not to set up
>> DKIM in the first place.
>>
>> _______________________________________________ Please visit
>> https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>> from this list
>>
>> bind-users mailing list bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
> -----BEGIN PGP SIGNATURE-----
>
> iQEzBAEBCAAdFiEEdAEe0RRL+gREs9oxGJor1wjGePMFAl1cOzMACgkQGJor1wjG
> ePP0iwf/WgLuA+W+9mJfy4Z89cG10lfS7ZnNIZlUfjMmQI1jBMFqKhOnLFG08rzX
> fpZ8vx8J52ipvprdvTclaNcv3qha0EGfW+FJwO3bQYv2UC1ufkYHY8AGNNkCUU7o
> d42iMmwe9K0faZlJFp6uX0zd0jetafbK6CGkc21fcEMdpi4dRjKVq+pummkuJONl
> vQaaxuJ7UYSL9IwdALOUifSxc4zjKHQaIeUTXy9j5cW6gJiYcvP9RVVZkv8/2pIZ
> mc2acf4F4tc98idkuPr72sH8e/WEaO8EXbxwgpVjYZfYNT/aiPJakLusXlvuvkqz
> EmgCfa/F0xvC1fxJeGHIdx8ysMettw==
> =I0/a
> -----END PGP SIGNATURE-----
>
>
Regards,
John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
More information about the bind-users
mailing list