1

The question is pretty much in the title.

I have a domain, which has a subdomain with its own DMARC record. The subdomain marketing.xxx.com is managed by a third party and they handle the DMARC reports for their subdomain by themselves.

I now want to analyze the regular corporate traffic on the main domain and am wondering if it is possible to create a DMARC record for the main domain in a way that the reports I receive don't contain traffic of the subdomain.

Is this possible with DMARC?

s1lv3r
  • I think you should white-list sub-domains and then blacklist the main domain. If you don't have many sub-domains, it's a viable solution. – Overmind May 13 '19 at 12:42

1 Answer

1

Short answer: Yes, it's possible for this specific case.

Just create a DMARC record in the organizational domain (yourdomain.tld).

Background:

If a subdomain that has its own DMARC record published is used in the header.from field, the reports will (only) be sent to the email address registered in the rua tag.

If a subdomain is used without having a specific DMARC record published, the DMARC record for the organizational domain will be used.

Examples:

Header.from: aaa@marketing.xxx.com ---> _dmarc.marketing.xxx.com will be used.

Header.from: aaa@bbb.marketing.xxx.com ---> _dmarc.xxx.com will be used (assuming no DMARC record was published for bbb.marketing.xxx.com).

Header.from: aaa@bbb.xxx.com ---> _dmarc.xxx.com will be used (assuming no DMARC record was published for bbb.xxx.com).

For a Flow Diagram and a step-by-step description of the DMARC process, please see section 4.3 of the DMARC RFC. Point 7 outlines the behavior I described above.

Reinto
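The lookup order described in the answer above, as an added example that is not part of the original post: it checks the exact header.from domain first, falls back to the organizational domain, and returns the `rua` addresses that would receive the reports. The `ZONE` records, the report addresses, and the one-entry `PUBLIC_SUFFIXES` set (a stand-in for the real Public Suffix List) are constructed assumptions.

```python
# Constructed example: simulates DMARC record discovery against an in-memory "DNS".
PUBLIC_SUFFIXES = {"com"}  # assumption: stand-in for the Public Suffix List

# Constructed TXT records; the rua addresses are placeholders.
ZONE = {
    "_dmarc.xxx.com": "v=DMARC1; p=none; rua=mailto:dmarc@xxx.com",
    "_dmarc.marketing.xxx.com":
        "v=DMARC1; p=none; rua=mailto:reports@thirdparty.example",
}

def organizational_domain(domain):
    """Return public suffix plus one label (bbb.xxx.com -> xxx.com), else None."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # longest candidate suffix is tried first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            # i == 0 means the domain is itself a public suffix
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None  # suffix not known to this toy list

def parse_tags(record):
    """Split 'k=v; k=v' into a dict with lower-cased tag names."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def discover(header_from, zone=ZONE):
    """Return (queried name, rua list) for the record that applies, or (None, [])."""
    domain = header_from.rsplit("@", 1)[-1].lower()
    candidates = [domain]
    org = organizational_domain(domain)
    if org and org != domain:
        candidates.append(org)  # fallback only; never overrides an exact match
    for name in candidates:
        tags = parse_tags(zone.get("_dmarc." + name, ""))
        if tags.get("v") == "DMARC1":
            rua = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
            return "_dmarc." + name, rua
    return None, []

if __name__ == "__main__":
    for sender in ("aaa@marketing.xxx.com", "aaa@bbb.marketing.xxx.com",
                   "aaa@bbb.xxx.com"):
        print(sender, "->", discover(sender))
```

Only the first sender resolves to the third party's record; the other two fall back to `_dmarc.xxx.com`, so their traffic appears in the main domain's reports.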