My domain configuration has one domain and three subdomains, one of which is identical to the mail server's hostname:
- example.com
- sales.example.com
- internal.example.com
- mail.example.com
I initially configured MX, SPF, DKIM and DMARC DNS records for all four domains, which works well.
But according to some DMARC tutorials, setting a DMARC policy for the base domain (with an sp tag) should cover all subdomains. When I rely on a single DMARC policy (for example.com), though, my mail provider's DMARC results refer to an undefined DMARC policy for subdomain mails. Why is the base domain's DMARC policy not used in this case?
I also tried to simplify the MX and SPF entries using wildcards:
*.example.com 3600 IN MX 10 mail.example.com
*.example.com 3600 IN TXT "v=spf1 mx -all"
but this leads to SPF fails. Why is that? Shouldn't the entries quoted above handle my existing subdomains?
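
An added example, not part of the original post: a minimal model of the wildcard matching rules from RFC 4592, run over a constructed zone containing the two wildcard records quoted above. It assumes the mail host keeps its address record and that the subdomains still have DKIM or DMARC records beneath them; the selector name `sel`, the address and the record values are made up.

```python
# Constructed zone (assumption): the wildcard MX/SPF records from the question,
# plus records that would typically still exist for the subdomains.
ZONE = {
    "example.com": {"MX": ["10 mail.example.com"], "TXT": ["v=spf1 mx -all"]},
    "*.example.com": {"MX": ["10 mail.example.com"], "TXT": ["v=spf1 mx -all"]},
    "mail.example.com": {"A": ["192.0.2.25"]},  # mail server host record
    # hypothetical DKIM selector and DMARC records left over from the per-domain setup
    "sel._domainkey.sales.example.com": {"TXT": ["v=DKIM1; p=PLACEHOLDER"]},
    "_dmarc.internal.example.com": {"TXT": ["v=DMARC1; p=none"]},
}


def name_exists(name):
    """A name exists if it owns records or has descendants (empty non-terminal)."""
    return any(owner == name or owner.endswith("." + name) for owner in ZONE)


def lookup(qname, rtype):
    """Answer a query the way an authoritative server applies RFC 4592."""
    if name_exists(qname):
        # Existing names are never covered by a wildcard, whatever the type.
        rrs = ZONE.get(qname, {}).get(rtype, [])
        return ("NOERROR", rrs) if rrs else ("NODATA", [])
    labels = qname.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if name_exists(encloser):
            # Closest encloser found: only "*.<encloser>" may synthesize an answer.
            wildcard = ZONE.get("*." + encloser)
            if wildcard is None:
                return ("NXDOMAIN", [])
            rrs = wildcard.get(rtype, [])
            return ("NOERROR", rrs) if rrs else ("NODATA", [])
    return ("NXDOMAIN", [])


def spf_view(names):
    """TXT lookup result for each name, as an SPF verifier would see it."""
    return {name: lookup(name, "TXT") for name in names}


if __name__ == "__main__":
    names = ["sales.example.com", "internal.example.com",
             "mail.example.com", "new.example.com"]
    for name, (status, rrs) in spf_view(names).items():
        print(f"{name:24} {status:8} {rrs}")
```

Under these assumptions only a name with no records and no descendants, such as new.example.com, receives the wildcard SPF record; the three existing subdomains return no TXT record at all.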