1

I have a sub.domain sending emails.

From: Newsletters@sub.example.com

I have set up the following DMARC record.

_DMARC.sub.example.com TXT "v=DMARC1; p=none; rua=mailto:reports@another.com; ruf=mailto:reports@another.com; fo=1"

I now want to setup the corresponding _report._dmarc. record on another.com

Should I use

sub.example.com._report._dmarc.another.com TXT "v=DMARC1"

or 

example.com._report._dmarc.another.com TXT "v=DMARC1"

Note: I do have other sub.domains under example.com.
So if example.com._report._dmarc.another.com TXT "v=DMARC1" is valid that saves me having to create lots of similar records for each sub.example.com sub.domain.

Thanks in advance
Best Regards
David

Thomas
  • 4,155
  • 5
  • 21
  • 28
David Hill
  • 11
  • 1

1 Answers1

2

The DMARC specification stated to specifically:

  1. Extract the host portion of the authority component of the URI. Call this the "destination host", as it refers to a Report Receiver.
  2. Prepend the string "_report._dmarc".

Therefore you can't suffice with a single record. However... You can with publishing 2 records:

example.com._report._dmarc.another.com TXT "v=DMARC1"

*.example.com._report._dmarc.another.com TXT "v=DMARC1"

Make sure to validate your records using an online validator.

You could also allow 'all' domains by publishing a general wildcard (*._report._dmarc.another.com)

Does this help?

Regards,

Michiel

DMARC Analyzer

DMARC Analyzer - Michiel
  • 136
  • 2
  • Note that DMARC report aggregation providers (e.g. agari.com, dmarcian.com, dmarcnalayzer.com, 250ok.com, etc.) publish a generic *._report._dmarc.another.com record to authorize acceptance of reports on behalf of any (potential) client domain; however, you may want to publish explicit _report._dmarc records to limit potential abuse/DOS of your domain. – jnaab Oct 17 '18 at 01:25