Skip to content

Standard NoMX

Jump to bottom
Tor Vigesdal edited this page Oct 15, 2019 · 1 revision

Locking down a domain

We all register domains that

  • we are not ready to use
  • simply redirect users to a product page, or to our main page
  • we do not want competitors or attackers to use

These domains are not meant to be used for e-mail and should be protected from day one.

To disable e-mail for a domain:

Create the following three entries in DNS:

  1. A Null MX record, as defined in RFC7505. This is an MX record with a preference of 0 and a value of . (dot). When verified using NSLOOKUP it looks like this: coompany. com MX preference = 0, mail exchanger = (root)
  2. An SPF policy "v=spf1 -all" as a TXT record. When verified with NSLOOKUP it looks like this: coompany. com text = "v=spf1 -all"
  3. A DMARC policy "v=DMARC1; p=reject; aspf=s". NSLOOKUP returns: _dmarc.coompany. com text = "v=DMARC1; p=reject; aspf=s"
Clone this wiki locally