x0rg
/
9x0rg.com
1
0
Fork 0
Code Releases Activity

Update 'content/posts/howto/protect-domain-name-without-email.md'

This commit is contained in:
Olivier 2023-01-07 00:19:50 +01:00
parent 674d0632ca
commit e5898f49f1
1 changed files with 15 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
content/posts/howto/protect-domain-name-without-email.md
View File

@ -27,26 +27,33 @@ cover:
#### Null MX #### Null MX
Explicitly configure an 'empty' MX record according to [RFC7505](https://tools.ietf.org/html/rfc7505). Explicitly configure an 'empty' MX record according to [RFC7505](https://tools.ietf.org/html/rfc7505).
``` ```
example.com. IN MX 0 . @ 1800 IN MX 0 .
``` ```
#### SPF #### SPF
Set an an empty policy and a hard fail. Set an an empty policy and a hard fail.
``` ```
example.com. IN TXT "v=spf1 all" @ 1800 IN TXT "v=spf1 -all"
``` ```
#### DKIM #### DKIM
``` ```
*._domainkey.example.com. IN TXT "v=DKIM1; p=" *._domainkey 1800 IN TXT "v=DKIM1; p="
``` ```
#### DMARC #### DMARC
Set DMARC policy to reject mails, but allow reporting to take place.
Set DMARC policy to reject emails[^1]
``` ```
_dmarc.example.com. IN TXT "v=DMARC1; p=reject; rua=mailto:rua@example.com; ruf=mailto:ruf@example.com" _dmarc 1800 IN TXT "v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s;fo=1;"
```
or
Set DMARC policy to reject mails, but allow reporting to take place[^2]
```
_dmarc 1800 IN TXT "v=DMARC1; p=reject; rua=mailto:rua@example.com; ruf=mailto:ruf@example.com"
``` ```
## DNS entries for a parked domain that does not send emails ## DNS entries for a parked domain that does not send emails
@ -55,5 +62,6 @@ _dmarc.example.com. IN TXT "v=DMARC1; p=reject; rua=mailto:rua@example.com; ruf=
* Don't redirect from parked domain `example.com` to the used domain `example.org`, since this encourages users to keep using the parked `example.com`. If a redirect is desirable, make sure to use the proper redirect order in order for HSTS headers to remain effective: * Don't redirect from parked domain `example.com` to the used domain `example.org`, since this encourages users to keep using the parked `example.com`. If a redirect is desirable, make sure to use the proper redirect order in order for HSTS headers to remain effective:
* redirect `http://example.com` to `https://example.com` * redirect `http://example.com` to `https://example.com`
* when using `HTTPS`, redirect `https://example.com` to `https://example.org`. * when using `HTTPS`, redirect `https://example.com` to `https://example.org`.
---
**Credit**: akc3ns [page of notes](https://akc3n.page/gists/#dns) and the [Dutch Internet Standards Platform](https://github.com/internetstandards/toolbox-wiki/blob/main/parked-domain-how-to.md#what-is-a-parked-domain-) [^1]: **Credit:** akc3ns [page of notes](https://akc3n.page/gists/#dns)
[^2]: **Credit:** the [Dutch Internet Standards Platform](https://github.com/internetstandards/toolbox-wiki/blob/main/parked-domain-how-to.md#what-is-a-parked-domain-)