1
0
Fork 0
9x0rg.com/content/posts/howto/protect-domain-name-without...

2.0 KiB
Raw Blame History

title date draft tags author hidemeta ShowReadingTime ShowPostNavLinks showtoc cover
Protect a parked domain without email 2023-01-05T19:15:00+01:00 false
How-To
Tech
email
9x0rg false true true false
image alt caption
/images/ <alt text> <text>

DNS entries for a parked domain that does not send emails but has a website

Hostname Type TTL Data
@ MX 1800 0 .
@ TXT 1800 "v=spf1 -all"
*._domainkey TXT 1800 "v=DKIM1; p="
_dmarc TXT 1800 "v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s;fo=1;"

DNS entries explained

Null MX

Explicitly configure an 'empty' MX record according to RFC7505.

@ 1800 IN MX 0 .

SPF

Set an an empty policy and a hard fail.

@ 1800 IN TXT "v=spf1 -all"

DKIM

*._domainkey 1800 IN TXT "v=DKIM1; p="

DMARC

Set DMARC policy to reject emails1

_dmarc 1800 IN TXT "v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s;fo=1;"

or

Set DMARC policy to reject mails, but allow reporting to take place2

_dmarc 1800 IN TXT "v=DMARC1; p=reject; rua=mailto:rua@example.com; ruf=mailto:ruf@example.com"

DNS entries for a parked domain that does not send emails

  • Don't use an A or AAAA record for parked domains;
  • Don't redirect from parked domain example.com to the used domain example.org, since this encourages users to keep using the parked example.com. If a redirect is desirable, make sure to use the proper redirect order in order for HSTS headers to remain effective:
    • redirect http://example.com to https://example.com
    • when using HTTPS, redirect https://example.com to https://example.org.