Protecting Domains that do not send Email

Even if your domain isn’t set up to send email, scammers can still try to fake messages that appear to come from it. This is a common tactic in phishing and spoofing attacks.

To help protect your domain, you can add special DNS settings called TXT records. These don’t enable email—they simply tell other email systems how to handle messages that claim to be from your domain. When set up correctly, these records make it much harder for scammers to misuse your domain name.

Examples of domains that do not send email:

  • Domains purchased to protect a brand name
  • Domains registered for a future business or project
  • Domains that redirect to your main domain
  • Defunct or legacy domains no longer in active use

This article is meant to be a quick overview—a handy cheat sheet—but we strongly recommend reading Cloudflare’s excellent article on this topic. It explains the concepts in a non-technical way while still providing all the technical details you need to implement everything correctly.

Recommended DNS Records for Non-Sending Domains

Here are the basic TXT records you can add to protect a domain that shouldn’t send email:

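| Function | Type | Name                     | Value                                          |
|----------|------|--------------------------|------------------------------------------------|
| SPF      | TXT  | @                        | v=spf1 -all                                    |
| DKIM     | TXT  | *._domainkey.example.com | v=DKIM1; p=                                    |
| DMARC    | TXT  | _dmarc.example.com       | v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s |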

Be sure to replace example.com with your domain name!
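
One way to check a domain's published records against the table above, as an added example (not code from this article or from Cloudflare's guide). The function and variable names are hypothetical, and the TXT strings are constructed sample data rather than live DNS answers. The DMARC check applies the standard defaults for absent tags (sp inherits p, and alignment is relaxed).

```python
def parse_tags(record):
    """Parse a 'k=v; k=v' tag list (DKIM/DMARC) into a dict with lowercase keys."""
    pairs = (part.partition("=") for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, _, v in pairs}

def audit_non_sending(domain, txt):
    """txt maps a DNS name to the TXT strings published there.
    Returns findings; an empty list means the records match the table."""
    findings = []
    # SPF: exactly one v=spf1 record at the apex, authorizing no senders.
    spf = [r.lower().split() for r in txt.get(domain, [])]
    spf = [terms for terms in spf if terms[:1] == ["v=spf1"]]
    if len(spf) != 1:
        findings.append(f"SPF: expected 1 record, found {len(spf)}")
    elif spf[0] != ["v=spf1", "-all"]:
        findings.append("SPF: record is not a bare '-all'")
    # DKIM: the wildcard selector must carry an empty key (p=).
    dkim = [parse_tags(r) for r in txt.get(f"*._domainkey.{domain}", [])]
    dkim = [t for t in dkim if t.get("v") == "DKIM1"]
    if not dkim:
        findings.append("DKIM: no wildcard record")
    elif any(t.get("p") != "" for t in dkim):
        findings.append("DKIM: wildcard record lacks an empty p=")
    # DMARC: reject for the domain and subdomains, strict alignment.
    dmarc = [parse_tags(r) for r in txt.get(f"_dmarc.{domain}", [])]
    dmarc = [t for t in dmarc if t.get("v") == "DMARC1"]
    if len(dmarc) != 1:
        findings.append(f"DMARC: expected 1 record, found {len(dmarc)}")
    else:
        rec = dmarc[0]
        # Defaults when a tag is absent: sp inherits p; alignment is relaxed (r).
        got = {"p": rec.get("p", "unset"), "sp": rec.get("sp", rec.get("p", "unset")),
               "adkim": rec.get("adkim", "r"), "aspf": rec.get("aspf", "r")}
        for tag, want in (("p", "reject"), ("sp", "reject"), ("adkim", "s"), ("aspf", "s")):
            if got[tag].lower() != want:
                findings.append(f"DMARC: {tag}={got[tag]}, want {want}")
    return findings

# Constructed sample data (not live DNS): the table's records, then a weak set.
GOOD = {"example.com": ["site-verification=constructed", "v=spf1 -all"],
        "*._domainkey.example.com": ["v=DKIM1; p="],
        "_dmarc.example.com": ["v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s"]}
WEAK = {"example.com": ["v=spf1 -all", "v=spf1 ~all"],
        "_dmarc.example.com": ["v=DMARC1; p=none; adkim=s"]}

if __name__ == "__main__":
    print(audit_non_sending("example.com", GOOD))
    for finding in audit_non_sending("example.com", WEAK):
        print(finding)
```

The weak set shows the failure modes worth catching: two SPF records at the same name make SPF evaluation fail with a permanent error, and a DMARC record that omits aspf falls back to relaxed alignment.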

Conclusion

Even unused or parked domains can be weaponized in phishing attacks if left unprotected. By setting a few simple DNS records, you can make sure your domain doesn’t become a tool for scammers. For a deeper dive and step-by-step instructions, be sure to check out Cloudflare’s guide.
