parked domain update

SPF-how-to.md

@@ -28,7 +28,7 @@ Our current e-mail infrastructure was originally designed for any mail sending h
 * The sender address shown to the user ("RFC5322.From") is not used when authenticating. SPF uses the invisible "RFC5321.MailFrom" header. Combining SPF with DMARC removes this disadvantage. 
 * E-mail forwarding is not supported, since the e-mail is often forwarded by another e-mail server.
 * SPF does not work between domains that use the same e-mail server.
-* Parked domains should be explicitly configured to not use e-mail. For SPF this is done with an empty policy and a hard fail: "v=spf1 –all".
+* Parked domains should be explicitly configured to not use e-mail. For SPF this is done with an empty policy (not mentioning any ip-adresses or hostnames which are allowed to send mail) and a hard fail: "v=spf1 –all".
 * When processing incoming mail we advise to favor a DMARC policy over an SPF policy. Do not configure SPF rejection to go into effect early in handling, but take full advantage of the enhancements DMARC is offering. A message might still pass based on DKIM.
   * At the same time, be aware that some operaters still allow a hard fail (-all) to go into effect early in handling and skip DMARC operations. 
 

parked-domain-how-to.md

@@ -1,3 +1,14 @@
+- [Introduction](#introduction)
+- [What is a parked domain?](#what-is-a-parked-domain-)
+  * [Domain without e-mail](#domain-without-e-mail)
+    + [Null MX](#null-mx)
+    + [DMARC](#dmarc)
+    + [DKIM](#dkim)
+    + [SPF](#spf)
+  * [Domain without a website](#domain-without-a-website)
+
+<small><i><a href='http://ecotrust-canada.github.io/markdown-toc/'>Table of contents generated with markdown-toc</a></i></small>
+
 # Introduction
 This how-to is created by the Dutch Internet Standards Platform (the organization behind [internet.nl](https://internet.nl)) and is meant to provide practical information and guidance on explicitly configuring a parked domain not to use e-mail.
 
@@ -18,10 +29,12 @@ Set DMARC policy to reject mails, but allow reporting to take place. This helps
 `_dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:rua@example.nl; ruf=mailto:ruf@example.nl`
 
 ### DKIM
+When used with a wildcard selector, setting an empty public key indicates that all previously used keys are revoked and must be considered unreliable. The owner of a domain can also use this to explicitly signal that a domain is not configured to use e-mail. See our [DKIM how-to](https://github.com/internetstandards/toolbox-wiki/blob/master/DKIM-how-to.md) for more information. 
 
 `*._domainkey IN TXT "v=DKIM1; p="`
 
 ### SPF
+Set an an empty policy (not mentioning any ip-adresses or hostnames which are allowed to send mail) and a hard fail.
 
 `example.nl IN TXT "v=spf1 –all"`