How to minimize the risk of your Domain being spoofed if you don't send mail.

Email can be spoofed, even when the domain isn't being used for email services.
How to minimize the risk of your Domain being spoofed if you don't send mail.

Introduction

Email spoofing involves sending an email with a false or misleading sender address in order to trick the recipient into believing that the email was sent by someone else. If you have a domain name that does not have email services attached to it, you may need to take steps to protect it from being spoofed by email. One way to do this is to modify the DNS settings at the domain registrar level. If you are unsure of how to do this, you can seek assistance from the support services of your domain registrar.

This article will lay out the steps to set up Domain-based Message Authentication, Reporting, and Conformance (DMARC). DMARC is an email authentication protocol that helps protect email senders and recipients from spam, phishing, and other types of email spoofing. By implementing DMARC for your domain, you can specify which email servers are allowed to send emails on behalf of your domain and set policies for how to handle emails that fail the DMARC evaluation. This can help prevent your domain name from being used in email spoofing attacks and protect your reputation.

The Basics

First Step: Create an SPF record

An SPF record is a Sender Policy Framework record. It’s used to indicate which hosts are authorized to send mail for a domain.

Set the value and options to this below. Depending on your DNS provider you may need to add double quotations in front of the text and after.

type: TXT
host or name: @ (if required)
value: v=spf1 -all (with or without "")

Second Step: Create a DMARC record

This is mainly for receiving servers such as Gmail, Yahoo, Outlook, or other mail authorities. It tells them what to do with the message. This is used for finite tuning of mail, and you can either quarantine or reject the mail by default.

type: TXT

host or name: _dmarc

value: v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s;fo=1;rua=mailto:dmarc@yourdomain.com

Replace dmarc@yourdomain.com with the email address that you want reports to be sent to.

Last Step: Create an empty DKIM key

DomainKeys Identified Mail is a record that allows mail authorities to check to see if the mail it received is authentic. Creating an empty DKIM key record makes the mail host more likely to reject the spoofed email.

type: TXT

host or name: *._domainkey

value: v=DKIM1; p=

Optional Step: Create an empty MX record

Depending on your host it may not be possible to create an empty mail record, however, if you can then this will be an additional nail in the coffin so to speak.

type: MX

host or name: leave this field empty

priority: 0

The Conclusion

Email spoofing is a common technique used by attackers to send fraudulent or malicious emails that appear to come from a legitimate source. If your domain name does not contain an email server or address, it is less likely to be targeted by email spoofing attacks. However, it is still important to take steps to protect your domain name from being used in email spoofing, as attackers may attempt to use it to impersonate your domain and damage your reputation.


Full Disclosure

Most of this article is comprised of facts and opinions. The featured background image was created by andyoneru and is available on Unsplash. I added a blur and a gradient overlay with the program logo for this blog post. In addition, I have added text and line art for the image to convey this post.

Subscribe to Hi! I'm Harley newsletter and stay updated.

Don't miss anything. Get all the latest posts delivered straight to your inbox. It's free!
Great! Check your inbox and click the link to confirm your subscription.
Error! Please enter a valid email address!