How To Secure Domains that Do Not Send Emails

If you have domains that do not send emails, you still need to lock them down so no spammers can spoof these domains to send emails. All you need is to add the following two DNS records to your domain’s DNS.

First, a block-all SPF txt record:

v=spf1 -all

And a DMARC policy that rejects all email that fails SPF.

v=DMARC1; p=reject; adkim=s; aspf=s;

And that’s it, quite simple steps that are enough to stop any spam emails sent from the domain.

Thanks to Alex Blackie for the excellent tip.

Leave a Reply

Your email address will not be published. Required fields are marked *