Thanks for the reply Bruce.
The only thing we can find is that the dmarc@ email addresses specified within the _dmarc record.
So, the Dmarc record for domain1.com is:
v=DMARC1; p=reject; sp=reject; rua=mailto:abuse@domain2.com; ruf=mailto:abuse@domain2.com; rf=afrf; pct=100; ri=86400
The result using UnlockTheInbox shows this:
- Failed - The 'rua' tag value is not allowed to receive the report
- RUA Test - failed, because domain.net is missing the DMARC tag in DNS to allow it to accept DMARC emails from subdomain.net this was added in draft 2 of DMARC to prevent spamming through rua and ruf fields. The DNSTXT Record that is needed would be under subdomain.net._reports._dmarc.domain.net and contain at least a V=DMARC1 value in order for this test to pass.
I don't understand the notes above. Any clarification for this? I don't really want to create a abuse@ mail forwarder for every clients domain and this that would be tiresome especially on top of having to create DomainKeys etc.
Any advice would be appreciated.