Fix DMARC policy for list.pub.solar
Our _dmarc TXT record by default protects all subdomains, so an adversary can't send mails on behalf of any subdomains (p=reject, p stands for policy). We add a _dmarc.list TXT record with the same policy to allow sending mails via list.pub.solar's postfix. See https://dmarcly.com/blog/how-dmarc-works-with-subdomains-dmarc-sp-tag for more context
This commit is contained in:
parent
db234cdb5b
commit
9ee9345192
|
@ -110,6 +110,11 @@ resource "namecheap_domain_records" "pub-solar" {
|
|||
type = "TXT"
|
||||
address = "v=DMARC1; p=reject;"
|
||||
}
|
||||
record {
|
||||
hostname = "_dmarc.list"
|
||||
type = "TXT"
|
||||
address = "v=DMARC1; p=reject;"
|
||||
}
|
||||
record {
|
||||
hostname = "@"
|
||||
type = "MX"
|
||||
|
|
Loading…
Reference in a new issue