title | date | draft | tags | author | hidemeta | ShowReadingTime | ShowPostNavLinks | showtoc | cover |
---|---|---|---|---|---|---|---|---|---|
Protect a parked domain without email | 2023-01-05T19:15:00+01:00 | false | | 9x0rg | false | true | true | false | |
DNS entries for a parked domain that does not send emails but has a website
Hostname | Type | TTL | Data |
---|---|---|---|
@ | MX | 1800 | 0 . |
@ | TXT | 1800 | "v=spf1 -all" |
*._domainkey | TXT | 1800 | "v=DKIM1; p=" |
_dmarc | TXT | 1800 | "v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s;fo=1;" |
DNS entries explained
Null MX
Explicitly configure an 'empty' (null) MX record according to RFC 7505.
@ 1800 IN MX 0 .
SPF
Set an empty policy and a hard fail.
@ 1800 IN TXT "v=spf1 -all"
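DKIM
Publish a wildcard DKIM record with an empty public key (p=), which marks the key as revoked for every selector.
*._domainkey 1800 IN TXT "v=DKIM1; p="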
DMARC
Set DMARC policy to reject emails [1]
_dmarc 1800 IN TXT "v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s;fo=1;"
or
Set DMARC policy to reject mails, but allow reporting to take place [2]
_dmarc 1800 IN TXT "v=DMARC1; p=reject; rua=mailto:rua@example.com; ruf=mailto:ruf@example.com"
DNS entries for a parked domain that does not send emails
- Don't use an A or AAAA record for parked domains;
- Don't redirect from parked domain example.com to the used domain example.org, since this encourages users to keep using the parked example.com. If a redirect is desirable, make sure to use the proper redirect order in order for HSTS headers to remain effective:
  - redirect http://example.com to https://example.com
  - when using HTTPS, redirect https://example.com to https://example.org.
[1] Credit: akc3n’s page of notes

[2] Credit: the Dutch Internet Standards Platform