Protect Domains that do not send email

If you own domain names that you do not use for sending email, it is essential that you configure them correctly so that email servers around the world know not to accept email from these domains.

Even if you are not using a domain to send email, without taking these steps there is nothing to stop spammers and cybercriminals from sending spoofed email impersonating your domain, pretending to be from you and thus damaging your reputation.

It is very common for businesses to use one domain (such as yourdomain.com) for their website and email, but also own other TLDs such as .co.uk, .uk, .net etc., or alternate spellings or variations of their domain, which are not used for anything.

Here are 4 simple things to do in DNS now to help protect domains that do not send email:


1. Create an SPF Record

In your DNS Management portal, create a TXT Record with the following value:

v=spf1 -all

This will tell email servers around the world that your domain name should not send any email, giving them an indication that emails from this domain should be considered spam.

Useful Tools: SPF Record Check, SPF Record Generator

How to create an SPF Record:
Create a TXT Record with these values:

  • Host: Either leave blank, or enter @
  • Value: v=spf1 -all
  • TTL: Leave default, or enter 1800



2. Create a DKIM Record

In your DNS Management portal, create a TXT Record with the following value:

v=DKIM1; p=

This record will tell the recipient’s mail server that the email signature isn’t valid because it sees the key as “revoked”. The way we do this is by specifying an empty key. In normal DKIM records, there are additional fields, but they aren’t needed since we are trying to create an intentionally denied record.

Tools: DKIM Record Lookup

How to create a DKIM Record:
Create a TXT Record with these values:

  • Host: *._domainkey.<your domain>
  • Value: v=DKIM1; p=
  • TTL: Leave default, or enter 1800



3. Create a DMARC Record

In your DNS Management portal, create a TXT Record with the following value:

v=DMARC1; p=reject; pct=100;

This will instruct receiving email servers to reject the emails.

Tools: DMARC Check Tool

How to create a DMARC Record:
Create a TXT Record with these values:

  • Host: _dmarc.<your domain>
  • Value: v=DMARC1; p=reject; pct=100;
  • TTL: Leave default, or enter 1800



4. Remove MX Records

In your DNS Management portal, delete and remove any MX Records that are published.

This will show email servers worldwide that the domain should not receive any email either.
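
The four settings above can be checked mechanically once they are published. The following Python sketch is an added example, not part of the original article: the domain names and record data are constructed, the function names are hypothetical, and it assumes receivers look up the DMARC policy at _dmarc.<your domain>.

```python
# Added example: audit a non-sending domain's DNS records against the four steps.
def parse_tags(txt):
    """Split a 'k=v; k=v' TXT value (DKIM/DMARC style) into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_parked_domain(domain, records):
    """records maps (name, rtype) -> list of values; returns a list of findings."""
    findings = []
    spf = [t for t in records.get((domain, "TXT"), []) if t.lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.append(f"SPF: expected exactly one v=spf1 record, found {len(spf)}")
    elif spf[0].lower().split() != ["v=spf1", "-all"]:
        findings.append(f"SPF: '{spf[0]}' authorises senders; use 'v=spf1 -all'")

    dkim = [parse_tags(t) for t in records.get((f"*._domainkey.{domain}", "TXT"), [])]
    if not any(d.get("v") == "DKIM1" and d.get("p") == "" for d in dkim):
        findings.append("DKIM: no wildcard record with an empty p= (revoked key)")

    dmarc = [parse_tags(t) for t in records.get((f"_dmarc.{domain}", "TXT"), [])]
    dmarc = [d for d in dmarc if d.get("v") == "DMARC1"]
    if not dmarc:
        findings.append(f"DMARC: no v=DMARC1 record at _dmarc.{domain}")
    elif dmarc[0].get("p", "").lower() != "reject":
        findings.append("DMARC: policy is not p=reject")
    elif dmarc[0].get("pct", "100") != "100":
        findings.append("DMARC: pct is below 100")

    if records.get((domain, "MX")):
        findings.append("MX: records are still published")
    return findings

# Constructed sample data for two hypothetical parked domains.
GOOD = {
    ("example.net", "TXT"): ["v=spf1 -all"],
    ("*._domainkey.example.net", "TXT"): ["v=DKIM1; p="],
    ("_dmarc.example.net", "TXT"): ["v=DMARC1; p=reject; pct=100;"],
}
BAD = {  # soft-fail SPF, DMARC value under the DKIM host, MX still present
    ("example.org", "TXT"): ["v=spf1 include:_spf.example.com ~all"],
    ("*._domainkey.example.org", "TXT"): ["v=DMARC1; p=reject; pct=100;"],
    ("example.org", "MX"): ["10 mail.example.org."],
}

if __name__ == "__main__":
    print(audit_parked_domain("example.net", GOOD) or "example.net: OK")
    print("\n".join(audit_parked_domain("example.org", BAD)))
```

To audit a real domain, fill the records dictionary from your DNS provider's zone export instead of the constructed samples.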

Click here to learn more about email authentication and DMARC

Need Help?

If you would like help with anything mentioned here
