From 386270be51632e604b391a723bd66f605e7ab740 Mon Sep 17 00:00:00 2001
From: Dennis Baaten <dennis@baaten.com>
Date: Wed, 5 Jun 2019 20:17:12 +0200
Subject: [PATCH] Updated SPF how to (markdown)

---
 SPF-how-to.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/SPF-how-to.md b/SPF-how-to.md
index 14239fe..b9fb43d 100644
--- a/SPF-how-to.md
+++ b/SPF-how-to.md
@@ -11,6 +11,7 @@ Our current e-mail infrastructure was originally designed for any mail sending h
 * The sender address shown to the user ("RFC5322.From") is not used when authenticating. SPF uses the invisible "RFC5321.MailFrom" header. Combining SPF with DMARC removes this disadvantage. 
 * E-mail forwarding is not supported, since the e-mail is often forwarded by another e-mail server.
 * SPF does not work between domains that use the same e-mail server.
+* Parked domains should be explicitly configured to not use e-mail. For SPF this is done with an empty policy and a hard fail: "v=spf1 –all".
 
 # Outbound e-mail traffic (DNS records)
 SPF for outbound e-mail traffic is limited to publishing an SPF policy as a TXT-record in a domain name's DNS zone. This enables other parties to use SPF for validating the authenticity of e-mail servers sending e-mail on behalf of your domain name.