9x0rg.com/content/posts/howto/protect-domain-name-without-email.md

---
title: "Protect a parked domain without email"
date: 2023-01-05T19:15:00+01:00
draft: false
tags: ["How-To","Tech","email"]
author: "9x0rg"
hidemeta: false
ShowReadingTime: true
ShowPostNavLinks: true
showtoc: false
cover:
  image: "/images/"
  alt: "<alt text>"
  caption: "<text>"
---
## DNS entries for a parked domain that does not send emails but has a website
| Hostname | Type | TTL | Data |
|:------------:|:----:|:----:|:-------------:|
| `@` | `MX` |`1800`|`0 .` |
| `@` | `TXT`|`1800`|`"v=spf1 -all"`|
|`*._domainkey`| `TXT`|`1800`|`"v=DKIM1; p="`|
| `_dmarc` | `TXT`|`1800`|`"v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s;fo=1;"`|
### DNS entries explained
#### Null MX
Explicitly configure a null ('empty') MX record according to [RFC 7505](https://tools.ietf.org/html/rfc7505), which signals that the domain accepts no mail.
```
@ 1800 IN MX 0 .
```
#### SPF
Set an empty policy with a hard fail, so that no host is authorized to send mail for the domain.
```
@ 1800 IN TXT "v=spf1 -all"
```
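#### DKIM
Publish a wildcard DKIM record with an empty public key (`p=`), which marks the key as revoked for every selector.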
```
*._domainkey 1800 IN TXT "v=DKIM1; p="
```
#### DMARC
Set the DMARC policy to reject emails[^1]:
```
_dmarc 1800 IN TXT "v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s;fo=1;"
```
Or set the DMARC policy to reject mail but allow reporting to take place[^2]:
```
_dmarc 1800 IN TXT "v=DMARC1; p=reject; rua=mailto:rua@example.com; ruf=mailto:ruf@example.com"
```
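
The four records above can be checked together before a zone change is published. The following is an added example, not part of the original post: a small offline audit of a zone snippet in the `name ttl IN type data` form used on this page. The function names and `WEAK_ZONE` are constructed for illustration.

```python
# GOOD_ZONE copies this page's records; WEAK_ZONE is a constructed counter-example.
GOOD_ZONE = '''
@ 1800 IN MX 0 .
@ 1800 IN TXT "v=spf1 -all"
*._domainkey 1800 IN TXT "v=DKIM1; p="
_dmarc 1800 IN TXT "v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s;fo=1;"
'''
WEAK_ZONE = '''
@ 1800 IN MX 10 mail.example.com.
@ 1800 IN TXT "v=spf1 ~all"
_dmarc 1800 IN TXT "v=DMARC1; p=none"
'''

def parse_zone(text):
    """Yield (name, type, rdata) from 'name ttl IN type rdata' lines."""
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith(";"):
            name, _ttl, _cls, rtype, rdata = line.split(None, 4)
            yield name, rtype.upper(), " ".join(rdata.split()).strip('"')

def tags(txt):
    """Split a 'k=v; k=v' DKIM/DMARC value into a dict."""
    pairs = (p.split("=", 1) for p in txt.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_parked_zone(text):
    """Return a list of findings; an empty list means all four checks pass."""
    recs = list(parse_zone(text))
    get = lambda name, rtype: [d for n, t, d in recs if n == name and t == rtype]
    findings = []
    if get("@", "MX") != ["0 ."]:
        findings.append("MX: expected a single null MX '0 .' (RFC 7505)")
    spf = [d.lower().split() for d in get("@", "TXT") if d.lower().startswith("v=spf1")]
    if spf != [["v=spf1", "-all"]]:
        findings.append("SPF: expected exactly one 'v=spf1 -all'")
    dkim = [tags(d) for d in get("*._domainkey", "TXT")]
    if not any(t.get("v") == "DKIM1" and t.get("p") == "" for t in dkim):
        findings.append("DKIM: expected wildcard record with empty p=")
    dmarc = [tags(d) for d in get("_dmarc", "TXT") if d.startswith("v=DMARC1")]
    if len(dmarc) != 1:
        return findings + ["DMARC: expected exactly one v=DMARC1 record"]
    for key in ("p", "sp"):  # sp falls back to p when it is absent
        value = dmarc[0].get(key, dmarc[0].get("p"))
        if value != "reject":
            findings.append(f"DMARC: {key} is {value!r}, expected 'reject'")
    return findings

if __name__ == "__main__":
    print(audit_parked_zone(GOOD_ZONE) or "OK", audit_parked_zone(WEAK_ZONE))
```

The reporting variant of the DMARC record passes the same audit, because `sp` inherits `p=reject` when it is not set.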
## DNS entries for a parked domain that does not send emails
* Don't use an `A` or `AAAA` record for parked domains;
* Don't redirect from the parked domain `example.com` to the domain in use, `example.org`, since this encourages users to keep using the parked `example.com`. If a redirect is desirable, follow this redirect order so that HSTS headers remain effective:
  * redirect `http://example.com` to `https://example.com`
  * when using `HTTPS`, redirect `https://example.com` to `https://example.org`.

[^1]: **Credit:** akc3n's [page of notes](https://akc3n.page/gists/#dns)
[^2]: **Credit:** the [Dutch Internet Standards Platform](https://github.com/internetstandards/toolbox-wiki/blob/main/parked-domain-how-to.md#what-is-a-parked-domain-)