Securing Your Parked Domains: Preventing Email Spoofing and Phishing

Unprotected domains, even those not used for sending emails, can still be vulnerable to email spoofing and phishing attacks, posing a risk to your organization’s reputation and trust.

To protect your parked domains effectively, follow these steps:

SPF Record:

Create an SPF record with no permitted senders, indicating that no IP is authorized to send emails for your parked domain. Example SPF record:

domain.com TXT “v=spf1 -all”

DMARC Policy of Reject:

Implement a DMARC policy with a reject action to inform recipients that no emails should originate from your parked domains. Including the RUA (Reporting URI of Aggregate) will provide visibility into potential abuse. Example DMARC record:

_dmarc.domain.com TXT “v=DMARC1;p=reject;rua=mailto:[email protected];”

Null MX Record:

If your domain has an A record but no MX records, create a null MX record to immediately fail any email to that domain. This prevents a sender server from attempting to send email to your A record, which might be a public-facing web server beyond your control. Create an MX record with a priority of 0 (highest priority) and a host name of ”.” (period).

Example null MX record:

domain.com MX “0 .”

Wildcard DKIM Key (Optional):

While not mandatory, consider using a null DKIM record as an extra layer of precaution. This approach explicitly revokes any cached keys and indicates that no email is signed for your parked domain. Example DKIM record:

*._domainkey.domain.com TXT “v=DKIM1; p=”

By implementing these measures, you can safeguard your parked domains effectively, reducing the risk of email-based fraud and enhancing trust in your organization.