# Skip if the user has set a DMARC record already.
ifnothas_rec("_dmarc","TXT",prefix="v=DMARC1; "):
records.append(("_dmarc","TXT",'v=DMARC1; p=quarantine',"Optional. Specifies that mail that does not originate from the box but claims to be from @%s is suspect and should be quarantined by the recipient's mail system."%domain))
records.append(("_dmarc","TXT",'v=DMARC1; p=quarantine',"Recommended. Specifies that mail that does not originate from the box but claims to be from @%s or which does not have a valid DKIM signature is suspect and should be quarantined by the recipient's mail system."%domain))
# For any subdomain with an A record but no SPF or DMARC record, add strict policy records.
records.append((qname,"TXT",'v=spf1 a mx -all',"Prevents unauthorized use of this domain name for outbound mail by requiring outbound mail to originate from the indicated host(s)."))
records.append((qname,"TXT",'v=spf1 a mx -all',"Recommended. Prevents unauthorized use of this domain name for outbound mail by specifying that only servers pointed to by a parallel A or MX record are valid sources for mail from @%s."%(qname+"."+domain)))
records.append((dmarc_qname,"TXT",'v=DMARC1; p=reject',"Prevents unauthorized use of this domain name for outbound mail by requiring a valid DKIM signature."))
records.append((dmarc_qname,"TXT",'v=DMARC1; p=reject',"Recommended. Prevents unauthorized use of this domain name for outbound mail by specifying that the SPF rule should be honoured for mail from @%s."%(qname+"."+domain)))
# Sort the records. The None records *must* go first in the nsd zone file. Otherwise it doesn't matter.
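Review bot: The new `_dmarc` description on the `p=quarantine` record says mail is suspect when it does not originate from the box "or which does not have a valid DKIM signature", but a DMARC check passes when either aligned SPF or aligned DKIM passes, so a message fails only when both do; wording such as `"Recommended. Specifies that mail claiming to be from @%s that passes neither SPF nor DKIM is suspect and should be quarantined by the recipient's mail system."` would match what receivers actually evaluate. The new `p=reject` description for subdomains has the mirror-image problem, since it ties the policy to the SPF rule alone. Separately, the `has_rec` guard matches the prefix `v=DMARC1; ` with a trailing space, so a custom record written as `v=DMARC1;p=...` would presumably not be detected and a second DMARC TXT record would be published, which receivers treat as no usable policy; matching on `v=DMARC1` alone, or a comment stating the assumption, would cover that. The page prints old and new lines without markers and the enclosing function lies outside the view, so this assumes the second line of each pair is the new one.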