To set up a subdomain of debian.net, we usually use the LDAP Gateway. [1]
[1] https://db.debian.org/doc-mail.html
By changing dnsZoneEntry, we can set up each subdomain of debian.net.
For example, you can customize the SPF TXT record for example.debian.net:
example IN TXT v=spf1 a:example.debian.net ~all
But when you set up a DMARC policy in dnsZoneEntry, it may cause trouble. The LDAP Gateway returns the following error:
Command is not understood. Halted - no changes committed
This happens because changes@db.debian.org does not support the v=DMARC1 record.
Even though the LDAP Gateway doesn't support the v=DMARC1 record, there is a workaround for it (e.g. for example.debian.net).
- Step 1: If you own your domain, set the v=DMARC1 record on your domain (e.g. _dmarc.example.example.org).
The TXT record of _dmarc.example.example.org is something like this:
v=DMARC1; p=quarantine; fo=s; aspf=s; rua=mailto:dmarc-reports@example.debian.net; ruf=mailto:dmarc-reports@example.debian.net
- Step 2: Set dnsZoneEntry on debian.net
_dmarc.example IN CNAME _dmarc.example.example.org.
It means that _dmarc.example.debian.net is provided by the TXT record of _dmarc.example.example.org.
Now you are ready to verify it.
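What the verification has to confirm, as an added example that is not part of the original post: the lookup for _dmarc.example.debian.net must follow the CNAME to the TXT record, and that record must parse as a usable DMARC policy. The ZONE dictionary is constructed sample data standing in for live DNS answers, the function names are hypothetical, and accepting only mailto: report targets is an assumption of this check.

```python
# Constructed zone data mirroring Steps 1 and 2 above; not live DNS answers.
ZONE = {
    ("_dmarc.example.debian.net.", "CNAME"): "_dmarc.example.example.org.",
    ("_dmarc.example.example.org.", "TXT"): (
        "v=DMARC1; p=quarantine; fo=s; aspf=s; "
        "rua=mailto:dmarc-reports@example.debian.net; "
        "ruf=mailto:dmarc-reports@example.debian.net"
    ),
}


def resolve_txt(name, zone, max_hops=8):
    """Follow CNAMEs from `name` until a TXT record is found."""
    for _ in range(max_hops):
        if (name, "TXT") in zone:
            return name, zone[(name, "TXT")]
        if (name, "CNAME") not in zone:
            raise LookupError(f"no TXT or CNAME at {name}")
        name = zone[(name, "CNAME")]
    raise LookupError("CNAME chain too long (possible loop)")


def parse_dmarc(txt):
    """Split 'tag=value; tag=value' into a dict that keeps tag order."""
    tags = {}
    for part in filter(None, (p.strip() for p in txt.split(";"))):
        key, _, value = part.partition("=")
        tags[key.strip()] = value.strip()
    return tags


def check_dmarc(domain, zone):
    """Return (owner of the TXT record, parsed tags, list of problems)."""
    owner, txt = resolve_txt(f"_dmarc.{domain}.", zone)
    tags = parse_dmarc(txt)
    problems = []
    if next(iter(tags.items()), None) != ("v", "DMARC1"):
        problems.append("record must start with v=DMARC1")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        problems.append("p must be none, quarantine or reject")
    for tag in ("rua", "ruf"):  # report targets are comma-separated URIs
        for uri in filter(None, tags.get(tag, "").split(",")):
            if not uri.strip().lower().startswith("mailto:"):
                problems.append(f"{tag} target is not a mailto: URI: {uri.strip()}")
    return owner, tags, problems


if __name__ == "__main__":
    print(check_dmarc("example.debian.net", ZONE))
```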