<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Thank you all for your help. I've set
it up as you all suggested (spf and dmarc entries in dns). This
weekend I'm going to do some tests. Again, thanks!!!!<br>
<br>
El 20/08/2019 a las 15:42, Scott Morizot escribió:<br>
</div>
<blockquote type="cite"
cite="mid:CAFy81r=M=B7F0mffRFcKkgOEKJwGTntKBt5Tc5=F5=kdq7OaqA@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div dir="ltr">On Tue, Aug 20, 2019 at 5:46 AM Ignacio García
<<a href="mailto:yo@ignasi.com" moz-do-not-send="true">yo@ignasi.com</a>>
wrote:<br>
</div>
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">El 20/08/2019 a las 9:28,
Marco Davids via bind-users escribió:<br>
> A TXT _dmarc.domain.tld "v=DMARC1; p=reject" might also
be useful.<br>
><br>
<br>
Wouldn't that imply having DKIM set up for the domain?<br>
<br>
<br>
</blockquote>
<div><br>
</div>
<div>Short answer is no since nothing in DMARC requires DKIM.
It requires that an email has passed *either* an SPF or a
DKIM check and if a DKIM signature is present that it
correctly validates. If the SPF policy is set to reject all
and the DMARC policy is set to reject if the checks fail,
that's a pretty good way to explicitly state this domain
does no email whatsoever for anyone who cares. (Speaking as
someone who manages the DNS and DKIM signing at work for a
domain that malicious actors do love so much that I've even
seen it used as an example in some of the DMARC docs. /g ) </div>
</div>
</div>
</blockquote>
<br>
</body>
</html>