How does the DMARC sp tag affect subdomain policies?
Summary
What email marketers say: 12 marketer opinions
Marketer from Email Geeks provides an example, illustrating how DMARC policies are applied based on the sp tag and subdomain records.
Email marketer from EmailSecurityFAQ explains that the DMARC 'sp' tag is a subdomain policy that allows for the creation of a DMARC rule that applies to any subdomains. This can allow a different policy for subdomains versus the primary domain.
Email marketer from AuthSMTP shares a reminder that SPF, DKIM and DMARC need to be set up correctly to ensure correct email sending, and to watch the 'sp' tag to ensure that it does not override your primary domain with the wrong settings.
Email marketer from URIports notes that the sp tag lets you define a specific DMARC policy for all subdomains of a domain. If a subdomain does not have a DMARC record, it will default to the sp tag setting of the main domain. It ensures control over email authentication across all parts of a domain structure.
Email marketer from Mailhardener shares that the p tag and sp tag define how to deal with unauthorized use of your domain, to ensure that your settings are configured correctly to handle spoofing or attacks.
Email marketer from Stack Overflow shares that DMARC policy is inherited from the main domain to subdomains, but this inheritance can be modified with the 'sp' tag. Setting sp to 'reject' or 'quarantine' on the parent domain ensures those policies are enforced on subdomains without their own DMARC records.
Email marketer from Email Geeks shares advice to set the policy on the parent domain to p=none, but sp=reject if you’re being spoofed by a botnet on a bunch of random subdomains.
Email marketer from MXToolbox explains a common DMARC mistake is not properly setting the 'sp' tag, which can lead to subdomains being vulnerable to spoofing. It's crucial to define an 'sp' policy, especially if the 'p' policy is set to 'none'.
Email marketer from Valimail explains that the sp tag is crucial for controlling how DMARC policies are applied to subdomains. By using the sp tag to define a specific policy, you ensure that your subdomains are protected against email spoofing.
Email marketer from EasyDMARC shares that the sp tag in DMARC is vital for organizations using subdomains. It allows you to set stricter DMARC policies on your subdomains than your primary domain, offering an extra layer of security.
Marketer from Email Geeks answers the question by explaining that p=none will be the policy for any subdomain that does not publish its own DMARC record.
Email marketer from Reddit explains that when the sp tag is set to none, it means that even if there is a DMARC policy, the subdomain policy will be set to none, which means no action will be taken even if the email fails authentication. The sp tag lets the owner of a domain specify what subdomains should do.
What the experts say: 4 expert opinions
Expert from Spam Resource answers that if your subdomains are not sending mail, set a DMARC record for them and set a policy so spammers can't send mail from those domains. You can do this at the DNS level.
Expert from Email Geeks shares that there’s also the np tag to define a policy for non-existent domains. So if you’re p=none but don’t want folks to forge subdomains that don’t exist, you can do p=none, np=reject.
Expert from Word to the Wise explains how to use p=none, and sp=reject to block spoofed emails from subdomains. This ensures non-existent subdomains are managed correctly, and helps get DMARC set up more easily.
Expert from Email Geeks explains that if there's no sp tag, the policy is inherited; only use sp if you don’t want the policy inherited.
What the documentation says: 3 technical articles
Documentation from DMARC.org explains that the 'sp' tag in a DMARC record defines the policy for subdomains of the domain in question. If the 'sp' tag is not present, the policy specified by the 'p' tag applies to both the domain and its subdomains. The 'sp' tag allows domain owners to specify a different policy for subdomains.
Documentation from Google Workspace Admin Help states that the 'sp' tag, or subdomain policy tag, lets you define a more restrictive DMARC policy for all subdomains. Without the sp tag subdomains inherit the p tag. This tag is optional, but recommended to prevent abuse of subdomains.
Documentation from RFC 7489, the standard defining DMARC, specifies that the 'sp' tag indicates a requested policy to be enacted by a Mail Receiver when processing mail from subdomains of the Domain Owner's domain. If the 'sp' tag is absent, the policy applies to the domain it is published on and all subdomains.
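The lookup order described above (a subdomain's own record first, then the parent's sp, then the parent's p) can be checked with a short resolver. This is an added example, not code from any of the sources quoted on this page; the zone data is constructed, the organizational domain is passed in by the caller rather than derived from the Public Suffix List, and np handling follows RFC 9091.

```python
# Constructed sample zone data: DNS name -> TXT record (not real published records).
SAMPLE_TXT = {
    "_dmarc.example.com": "v=DMARC1; p=none; sp=reject; np=reject; rua=mailto:dmarc@example.com",
    "_dmarc.news.example.com": "v=DMARC1; p=quarantine",
    "_dmarc.example.org": "v=DMARC1; p=reject",
}

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; return None if it is not DMARC1."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None

def effective_policy(from_domain, org_domain, txt=SAMPLE_TXT, exists=True):
    """Return (policy, source) a receiver would apply to mail From: from_domain.

    org_domain is supplied by the caller (assumption: real receivers derive it
    from the Public Suffix List). exists=False models a subdomain with no DNS
    records at all, which is the case the np tag covers.
    """
    from_domain, org_domain = from_domain.lower(), org_domain.lower()
    own = parse_dmarc(txt.get("_dmarc." + from_domain, ""))
    if own and "p" in own:
        return own["p"].lower(), "p of " + from_domain    # own record wins
    if from_domain == org_domain:
        return None, "no DMARC record"
    org = parse_dmarc(txt.get("_dmarc." + org_domain, ""))
    if not org or "p" not in org:
        return None, "no DMARC record"
    if not exists and "np" in org:
        return org["np"].lower(), "np of " + org_domain   # non-existent subdomain
    if "sp" in org:
        return org["sp"].lower(), "sp of " + org_domain   # explicit subdomain policy
    return org["p"].lower(), "p of " + org_domain         # no sp: p is inherited

if __name__ == "__main__":
    for name, live in [("example.com", True), ("news.example.com", True),
                       ("shop.example.com", True), ("x9.example.com", False)]:
        print(name, effective_policy(name, "example.com", exists=live))
    print("mail.example.org", effective_policy("mail.example.org", "example.org"))
```

With the constructed records, the parent stays at none while unlisted and non-existent subdomains resolve to reject, which is the p=none with sp=reject or np=reject setup several of the sources above recommend.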