Fix DMARC policy for list.pub.solar

Our _dmarc TXT record by default protects all subdomains, so an
adversary can't send mails on behalf of any subdomains (p=reject, p
stands for policy). We add a _dmarc.list TXT record with the same policy
to allow sending mails via list.pub.solar's postfix.
See https://dmarcly.com/blog/how-dmarc-works-with-subdomains-dmarc-sp-tag
for more context
This commit is contained in:
teutat3s 2023-02-03 13:08:56 +01:00
parent db234cdb5b
commit 9ee9345192
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1

View file

@ -110,6 +110,11 @@ resource "namecheap_domain_records" "pub-solar" {
type = "TXT"
address = "v=DMARC1; p=reject;"
}
record {
hostname = "_dmarc.list"
type = "TXT"
address = "v=DMARC1; p=reject;"
}
record {
hostname = "@"
type = "MX"