From f09f25bce0ad7cff510ba31b14bdff2668228b07 Mon Sep 17 00:00:00 2001 From: Dennis Baaten Date: Wed, 27 May 2020 11:25:54 +0200 Subject: [PATCH] Update parked-domain-how-to.md --- parked-domain-how-to.md | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/parked-domain-how-to.md b/parked-domain-how-to.md index 53c7d06..eaa5ab5 100644 --- a/parked-domain-how-to.md +++ b/parked-domain-how-to.md @@ -1,11 +1,11 @@ - [Introduction](#introduction) - [What is a parked domain?](#what-is-a-parked-domain-) - * [Domain without e-mail](#domain-without-e-mail) - + [Null MX](#null-mx) - + [DMARC](#dmarc) - + [DKIM](#dkim) - + [SPF](#spf) - * [Domain without a website](#domain-without-a-website) +- [Domain without e-mail](#domain-without-e-mail) + * [Null MX](#null-mx) + * [DMARC](#dmarc) + * [DKIM](#dkim) + * [SPF](#spf) +- [Domain without a website](#domain-without-a-website) Table of contents generated with markdown-toc @@ -15,30 +15,32 @@ This how-to is created by the Dutch Internet Standards Platform (the organizatio # What is a parked domain? [Domain parking](https://en.wikipedia.org/wiki/Domain_parking) is the registration of an Internet domain name without that domain being associated with any services such as e-mail or a website. -## Domain without e-mail +# Domain without e-mail If a domain is not using e-mail it is recommended to use the following settings. -### Null MX +## Null MX Explicitly configure an 'empty' MX record according to [RFC7505 ](https://tools.ietf.org/html/rfc7505). `example.nl IN MX 0 .` -### DMARC +## DMARC Set DMARC policy to reject mails, but allow reporting to take place. This helps detecting activity related to your domain. `_dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:rua@example.nl; ruf=mailto:ruf@example.nl` -### DKIM +## DKIM When used with a wildcard selector, setting an empty public key indicates that all previously used keys are revoked and must be considered unreliable. The owner of a domain can also use this to explicitly signal that a domain is not configured to use e-mail. See our [DKIM how-to](https://github.com/internetstandards/toolbox-wiki/blob/master/DKIM-how-to.md) for more information. `*._domainkey IN TXT "v=DKIM1; p="` -### SPF +## SPF Set an an empty policy (not mentioning any ip-adresses or hostnames which are allowed to send mail) and a hard fail. `example.nl IN TXT "v=spf1 –all"` -## Domain without a website +# Domain without a website +Apply the following settings to domains not using a website. + * Don't use an A or AAAA record for parked domains. * Don't redirect from a parked domain to the used domain, since this encourages users to keep using the parked domain name. If a redirect is desirable, make sure to use the proper redirect order in order for HSTS headers to remain effective: 1. redirect from HTTP to HTTPS on the same (sub)domain.