[opendmarc-users] Doing just what the record requests

Paul N. Pace paulnpace at gmail.com
Fri May 16 16:15:14 PDT 2014


Hello-

I am configuring OpenDMARC for the first time and I'm trying to figure out
how to configure opendmarc.conf so that it, largely, just does what the
owner of the given DMARC DNS record is requesting. The one exception is
ForensicReports = false (the default) since apparently this can contribute
to DDOS attacks.

One issue I have identified is following p= in the DNS record. For example,
as I understand it, if DMARC record of the sender has p=reject, and
RejectFailures is set to its default (false), then the email will not be
rejected. However, if RejectFailures is set to true, then p=reject will be
enforced, but so will any other failure of the test, even when the owner of
the record does not set p=reject.

If I understand RejectFailures correctly, then I'm wondering if there is
any way to only reject emails when the DMARC record requests it?

Thanks!


Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.trusteddomain.org/pipermail/opendmarc-users/attachments/20140516/45a8d8eb/attachment.htm>


More information about the opendmarc-users mailing list