From 674d0632caed4d97a58c85b3d218d768462bb9d6 Mon Sep 17 00:00:00 2001
From: Olivier Falcoz
Date: Fri, 6 Jan 2023 18:12:49 +0100
Subject: [PATCH] Upload files to 'content/posts/howto'
---
content/posts/howto/_index.md | 7 +++
.../protect-domain-name-without-email.md | 59 +++++++++++++++++++
2 files changed, 66 insertions(+)
create mode 100644 content/posts/howto/_index.md
create mode 100644 content/posts/howto/protect-domain-name-without-email.md
diff --git a/content/posts/howto/_index.md b/content/posts/howto/_index.md
new file mode 100644
index 0000000..9d17f7b
--- /dev/null
+++ b/content/posts/howto/_index.md
@@ -0,0 +1,7 @@
+---
+title: How-To
+ShowReadingTime: false
+ShowWordCount: false
+---
+
+If it ain't broken, don't fix it
\ No newline at end of file
diff --git a/content/posts/howto/protect-domain-name-without-email.md b/content/posts/howto/protect-domain-name-without-email.md
new file mode 100644
index 0000000..ca0e34b
--- /dev/null
+++ b/content/posts/howto/protect-domain-name-without-email.md
@@ -0,0 +1,59 @@
+---
+title: "Protect a parked domain without email"
+date: 2023-01-05T19:15:00+01:00
+draft: false
+tags: ["How-To","Tech","email"]
+author: "9x0rg"
+hidemeta: false
+ShowReadingTime: true
+ShowPostNavLinks: true
+showtoc: false
+cover:
+ image: "/images/"
+ alt: ""
+ caption: ""
+---
+## DNS entries for a parked domain that does not send emails but has a website
+
+| Hostname | Type | TTL | Data |
+|:------------:|:----:|:----:|:-------------:|
+| `@` | `MX` |`1800`|`0 .` |
+| `@` | `TXT`|`1800`|`"v=spf1 -all"`|
+|`*._domainkey`| `TXT`|`1800`|`"v=DKIM1; p="`|
+| `_dmarc` | `TXT`|`1800`|`"v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s;fo=1;"`|
+
+### DNS entries explained
+
+#### Null MX
+Explicitly configure an 'empty' MX record according to [RFC7505](https://tools.ietf.org/html/rfc7505).
+```
+example.com. IN MX 0 .
+```
+
+#### SPF
+Set an an empty policy and a hard fail.
+
+```
+example.com. IN TXT "v=spf1 –all"
+```
+
+#### DKIM
+
+```
+*._domainkey.example.com. IN TXT "v=DKIM1; p="
+```
+
+#### DMARC
+Set DMARC policy to reject mails, but allow reporting to take place.
+```
+_dmarc.example.com. IN TXT "v=DMARC1; p=reject; rua=mailto:rua@example.com; ruf=mailto:ruf@example.com"
+```
+
+## DNS entries for a parked domain that does not send emails
+
+* Don't use an `A` or `AAAA` record for parked domains;
+* Don't redirect from parked domain `example.com` to the used domain `example.org`, since this encourages users to keep using the parked `example.com`. If a redirect is desirable, make sure to use the proper redirect order in order for HSTS headers to remain effective:
+ * redirect `http://example.com` to `https://example.com`
+ * when using `HTTPS`, redirect `https://example.com` to `https://example.org`.
+---
+**Credit**: akc3n’s [page of notes](https://akc3n.page/gists/#dns) and the [Dutch Internet Standards Platform](https://github.com/internetstandards/toolbox-wiki/blob/main/parked-domain-how-to.md#what-is-a-parked-domain-)
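Review bot: The SPF example under `#### SPF` is typed with an en dash, `"v=spf1 –all"`, where the table row uses the ASCII hyphen, so a record pasted from that block is not the `-all` mechanism and will most likely be evaluated as a syntax error rather than a hard fail; it should read `example.com. IN TXT "v=spf1 -all"`. The DMARC example sends `rua`/`ruf` reports to mailboxes at `example.com`, which the null MX above makes undeliverable: use a mailbox on a domain that accepts mail (that domain then has to publish the external-report authorisation record described in RFC 7489) or omit the tags as the table row does. In the table row, `fo=1` has no effect without a `ruf` address, and the row and the example should show the same policy. The second `##` heading differs from the first only by dropping "but has a website"; it presumably means a domain with no website and should say so, and "Set an an empty policy" has a doubled word.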