How DMARC Applies to Subdomains

The text discusses how Domain-based Message Authentication, Reporting, and Conformance (DMARC) policies work with subdomains, emphasizing the importance of understanding the organizational or parent domain, which DMARC relies on to determine policy information. When a mail server receives a message, it undergoes a policy discovery process to apply the correct DMARC policy, checking first the specific domain in the "From" header and then the organizational domain, while intermediate subdomains are skipped. Subdomains typically inherit the organizational domain's DMARC policy unless a specific policy is published for a subdomain, with the optional "sp" tag allowing for different treatment of subdomains without individual records. The guide suggests starting with a simple DMARC policy for the entire domain and gradually tightening it, using the "sp" tag only at the organizational level, as it is ignored if applied to subdomains.