Conversation

Replying to
Most smaller email servers don't set up OpenDMARC or equivalent to enforce it. It works really well with the major providers though. It doesn't tend to silently break anything but email is pretty annoying since it can take a really long time to actually get the error message.
2
1
I always set up an enforcing policy for each domain as the first step. It's useful even if it doesn't send email, since you still don't want someone spoofing emails from there. Setting null MX ("0 .") also gives people instant errors that they can't send email to the domain.
1
2
It appears to permit having no DKIM records for non-mail subdomains but not a non-mail bare domain. Could set an empty placeholder like the example but it's not like DKIM records enforce something on their own. It would essentially just be gaming the test.
1