DMARC policies and RUA/RUF settings operate on a hierarchical inheritance and override system between a domain and its subdomains. If a subdomain has a DMARC record, it dictates the policy and RUA/RUF reporting for that subdomain. If a subdomain lacks a DMARC record, it inherits the parent domain's policy and reporting settings. This system allows for both centralized control and subdomain-specific configurations for email authentication.
4 marketer opinions
DMARC policies and RUA/RUF settings have a hierarchical behavior between a domain and its subdomains. If a subdomain possesses its own DMARC record, that record takes precedence, dictating the policy and where RUA/RUF reports are sent specifically for that subdomain. Conversely, if a subdomain lacks a DMARC record, it inherits the DMARC policy and RUA/RUF settings of its parent domain. This inheritance ensures that subdomains are also protected by DMARC even if they don't have explicitly defined policies.
Marketer view
Email marketer from EmailSecurity Blog details how a DMARC record on a subdomain takes precedence over the domain's policy. If the subdomain lacks its own record, the domain's DMARC policy is applied. The same inheritance and override apply for RUA and RUF settings.
14 Dec 2024 - EmailSecurity Blog
Marketer view
Email marketer from MXToolbox explains that if a subdomain has a specific DMARC record set, it will use that. Otherwise, it inherits from the main domain. The rua and ruf addresses would also follow this setup; a specified rua on a subdomain DMARC would only provide reports for that subdomain.
11 Dec 2021 - MXToolbox
4 expert opinions
DMARC policies offer flexibility in managing email authentication for domains and their subdomains. A distinct DMARC policy can be established for a subdomain, which will override the policy set at the organizational domain level. However, if a subdomain lacks its own DMARC record, it will inherit the DMARC policy of the parent domain. The RUA/RUF settings, which dictate where aggregate and forensic reports are sent, follow a similar pattern: a subdomain's DMARC record dictates the reporting for that subdomain, while inheritance occurs in the absence of a subdomain-specific record.
Expert view
Expert from Word to the Wise answers that if a subdomain has a DMARC record, that record will be used. If a subdomain does not have its own DMARC record, it will inherit the DMARC record from the domain. The RUA and RUF reports will be sent according to the record being used for the subdomain. A record on the subdomain will mean the reports will only be for that subdomain.
23 Sep 2023 - Word to the Wise
Expert view
Expert from Email Geeks explains that a DMARC policy appearing on a subdomain will override the organizational domain policy.
13 Nov 2021 - Email Geeks
4 technical articles
DMARC policy management across domains and subdomains involves both inheritance and overriding mechanisms. Standard documentation confirms that subdomains inherit the DMARC policy of the organizational domain when a specific DMARC record is absent. Conversely, a DMARC record explicitly configured for a subdomain will override the organizational domain's policy, allowing for tailored security measures. RFC 7489 formalizes these interactions by outlining the policy discovery and inheritance process.
Technical article
Documentation from Google Workspace Admin Help explains that a DMARC policy for a subdomain can override the policy of the parent domain. If a subdomain does not have its own DMARC record, it inherits the DMARC policy of the parent domain.
26 Mar 2022 - Google Workspace Admin Help
Technical article
Documentation from RFC 7489 describes the interaction between organizational domains and subdomains within the context of DMARC. Specifically, it outlines how policy discovery and inheritance work. If a subdomain has a DMARC record, it will be used; otherwise, the policy of the top-level organizational domain will be inherited.
22 Aug 2023 - RFC7489
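The override and inheritance behaviour described above can be checked with a small resolver that follows the RFC 7489 policy discovery order. This is an added example, not code from any of the cited sources, and it goes slightly beyond the text by also applying the `sp=` tag when a record is inherited. The zone data, the mailbox addresses, the function names and the two-label `org_domain` shortcut are assumptions made for illustration.

```python
# Constructed sample TXT data; example.com and the mailboxes are placeholders.
TXT = {
    "_dmarc.example.com":
        "v=DMARC1; p=reject; sp=quarantine; rua=mailto:dmarc@example.com",
    "_dmarc.news.example.com":
        "v=DMARC1; p=none; rua=mailto:news-dmarc@example.com; "
        "ruf=mailto:news-ruf@example.com",
}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC1 record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    # v=DMARC1 must be the first tag in a valid record.
    return tags if list(tags)[:1] == ["v"] and tags["v"] == "DMARC1" else None

def org_domain(domain):
    # Assumption: the last two labels; production code needs the Public Suffix List.
    return ".".join(domain.split(".")[-2:])

def effective_dmarc(from_domain, lookup=TXT.get):
    """Two-step discovery: the exact From domain, then the organizational domain."""
    from_domain = from_domain.lower().rstrip(".")
    source, inherited = from_domain, False
    rec = parse_dmarc(lookup("_dmarc." + from_domain) or "")
    if rec is None:
        source = org_domain(from_domain)
        inherited = source != from_domain
        rec = parse_dmarc(lookup("_dmarc." + source) or "")
        if rec is None:
            return None  # no DMARC policy published at either name
    # An inherited record applies sp= to the subdomain when present, else p=.
    policy = rec.get("sp", rec.get("p")) if inherited else rec.get("p")
    return {"source": source, "inherited": inherited, "policy": policy,
            "rua": rec.get("rua"), "ruf": rec.get("ruf")}

if __name__ == "__main__":
    for name in ("news.example.com", "billing.example.com", "x.news.example.com"):
        print(name, effective_dmarc(name))
```

Under RFC 7489 discovery, `x.news.example.com` falls back to the organizational domain's record, not to the record on `news.example.com`, so a subdomain record does not cover names beneath it.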
© 2025 Suped Pty Ltd