Domain-based Message Authentication, Reporting & Conformance (DMARC)

How to ensure your DMARC record is not inherited by a domain's sub-domains

There are two different tactics to take if you do not want the same policy level on a parent domain's sub-domains:

Create an explicit Domain-based Message Authentication, Reporting, and Conformance (DMARC) record for any sub-domain and specify the policy level you require.
Use the sp tag on your parent domain's DMARC record to specify what policy level you would like your sub domains to have, rather than inheriting from the parent domain.

For example, you can add sp=none to the parent domain's DMARC reject policy so that none of your sub domains inherit the reject policy until you are ready to implement. In this case, a full record example would look like the following:

v=DMARC1; p=reject; sp=none; fo=1; rua=mailto:dmarc_agg@auth.example.net; ruf=mailto:dmarc_afrf@auth.example.net

We are excited to announce the latest in customer training for the Everest Platform. Starting June 5, we will begin offering daily, 30-minute training sessions on the core modules of the Everest Platform detailed below. Led by our email experts, each of these short sessions will provide an overview of the module’s capabilities, allowing you to ask questions and ensuring you get the most from your Everest subscription. Whether you are new to Everest, or an experienced user who isn’t taking advantage of all it has to offer and would like to learn more, this training series is for you!

How to ensure your DMARC record is not inherited by a domain's sub-domains

Turn your data into revenue

New Everest Training Series

How to ensure your DMARC record is not inherited by a domain's sub-domains

Related articles

Turn your data into revenue

New Everest Training Series