DNS entries for a parked domain that does not send emails but has a website

HostnameTypeTTLData
@MX18000 .
@TXT1800"v=spf1 -all"
*._domainkeyTXT1800"v=DKIM1; p="
_dmarcTXT1800"v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s;fo=1;"

DNS entries explained

Null MX

Explicitly configure an ’empty’ MX record according to RFC7505.

@ 1800 IN MX 0 .

SPF

Set an an empty policy and a hard fail.

@ 1800 IN TXT "v=spf1 -all"

DKIM

*._domainkey 1800 IN TXT "v=DKIM1; p="

DMARC

Set DMARC policy to reject emails1

_dmarc 1800 IN TXT "v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s;fo=1;"

or

Set DMARC policy to reject mails, but allow reporting to take place2

_dmarc 1800 IN TXT "v=DMARC1; p=reject; rua=mailto:rua@example.com; ruf=mailto:ruf@example.com"

DNS entries for a parked domain that does not send emails

  • Don’t use an A or AAAA record for parked domains;
  • Don’t redirect from parked domain example.com to the used domain example.org, since this encourages users to keep using the parked example.com. If a redirect is desirable, make sure to use the proper redirect order in order for HSTS headers to remain effective:
    • redirect http://example.com to https://example.com
    • when using HTTPS, redirect https://example.com to https://example.org.

  1. Credit: akc3n’s page of notes ↩︎

  2. Credit: the Dutch Internet Standards Platform ↩︎