How to setup DMARC policy for subdomain on

For setting up subdomain on, we usually use LDAP Gateway. [1]


With changing dnsZoneEntry, we can set up each subdomain of

For example, you can customize SPF TXT record for

example IN TXT v=spf1 ~all

But when you setup DMARC policy for dnsZoneEntry, it may cause the trouble. LDAP Gateway returns the following error:

Command is not understood. Halted - no changes committed

This is caused by unsupported v=DMARC1 record by

Even though LDAP Gateway doesn't support v=DMARC1 record, there is a workaround for it. (e.g

  • Step 1. If you own your domain, set v=DMARC1 record on your domain. (e.g.

TXT record of is something like this:

v=DMARC1; p=quarantine; fo=s; aspf=s;;

  • Step 2: Set dnsZoneEntry on

dmarc.example IN CNAME

It means that is provided by 's txt record.

Now you can ready to verify it.