If you possess defensive domain names, also referred to as parked domains or passive domain names, that are not intended for email usage, you may want to take measures to secure them. To prevent these domains from being misused by unauthorized parties, we suggest adding the following DNS records to your DNS zones.
This will help ensure that your domains remain secure and not used by malicious actors or for unwanted purposes.
- DMARC
- SPF
- DKIM
- MX
DMARC for defensive domains:
This DMARC DNS Record will allow you to instruct your recipients to reject emails from "parkeddomain.xx" if they are not authenticated by SPF and/or DKIM.
- Hostname :_dmarc.parkeddomain.xx
- Type : TXT
- Value : v=DMARC1;p=reject;rua=mailto:mybusiness@mybusiness.com;
SPF for defensive domains :
This SPF DNS record will allow you to declare that no email will use this domain in any "return path/envelope" of any email (and therefore no email will be authenticated with SPF):
- Hostname : parkeddomain.xx
- Type : TXT
- Value : v=spf1 -all
- Hostname : *.parkeddomain.xx
- Type : TXT
- Value : v=spf1 -all
DKIM for defensive domains :
This DKIM DNS record states that no DKIM key exists for this domain. This record is optional but can be checked by very few anti-spam programs. It is not mandatory.
- Hostname : *._domainkey.parkeddomain.xx
- Type : TXT
- Value : v=DKIM1; p=
MX for defensive domains :
This MX record indicates that no email server exists for this domain and therefore no email can be received by this domain.
If this MX record is not configured then email received by these domains will be directed to the IP that is in the domain's "A" DNS record. This IP may in some cases be outside the control of your organisation so it is best to be explicit and make it clear to potential senders that this domain cannot receive email.
- Hostname : parkeddomain.xx
- Type : MX
- Priority : 0
- Value : .
- Hostname : *.parkeddomain.xx
- Type : MX
- Priority : 0
- Value : .