# Skip if the user has set a DMARC record already.
ifnothas_rec("_dmarc","TXT",prefix="v=DMARC1; "):
records.append(("_dmarc","TXT",'v=DMARC1; p=quarantine',"Recommended. Specifies that mail that does not originate from the box but claims to be from @%s or which does not have a valid DKIM signature is suspect and should be quarantined by the recipient's mail system."%domain))
records.append(("_dmarc","TXT",'v=DMARC1; p=quarantine;',"Recommended. Specifies that mail that does not originate from the box but claims to be from @%s or which does not have a valid DKIM signature is suspect and should be quarantined by the recipient's mail system."%domain))
ifdomain_properties[domain]["user"]:
# Add CardDAV/CalDAV SRV records on the non-primary hostname that points to the primary hostname
records.append((qname,"TXT",'v=spf1 -all',"Recommended. Prevents use of this domain name for outbound mail by specifying that no servers are valid sources for mail from @%s. If you do send email from this domain name you should either override this record such that the SPF rule does allow the originating server, or, take the recommended approach and have the box handle mail for this domain (simply add any receiving alias at this domain name to make this machine treat the domain name as one of its mail domains)."%d))
records.append(("_dmarc"+("."+qnameifqnameelse""),"TXT",'v=DMARC1; p=reject',"Recommended. Prevents use of this domain name for outbound mail by specifying that the SPF rule should be honoured for mail from @%s."%d))
records.append(("_dmarc"+("."+qnameifqnameelse""),"TXT",'v=DMARC1; p=reject;',"Recommended. Prevents use of this domain name for outbound mail by specifying that the SPF rule should be honoured for mail from @%s."%d))
# And with a null MX record (https://explained-from-first-principles.com/email/#null-mx-record)