How to stop email spoofing of parked domains

Publishing a DMARC record for unused domains is a good idea. Here's how.

incoming emails / DNS security / locked server / parked domain
Thinkstock / Imaginima / Getty Images

Deploying DMARC to prevent email spoofing is a no-brainer. No one wants spoofed email from @yourdomain.com that could easily lead to a successful phishing attack or business email compromise (BEC). But have you deployed DMARC (Domain-based Message Authentication, Reporting and Conformance) for domains you own that do not send or receive email?

Consider this: If you run acmecorp.com, maybe you also own acnecorp.com. Not saying your complexion is poor, but it's a good typosquatting purchase, and a cheap insurance policy against phishing or impersonation. With DMARC deployed for acmecorp.com, spoofed emails like IAmTheCEO@acmecorp.com are toast. What about a spoofed email from acnecorp.com? You see the problem.

Publishing a DMARC record that says, "Yo, world! This domain is never, ever used for email, and if you ever get email from this domain, it is by definition not genuine" is the best way to prevent this kind of attack.

How to turn off email for parked domains

It might seem counterintuitive: Why publish a DomainKeys Identified Mail (DKIM) record in your DNS if you're never going to cryptographically sign outgoing email? Why publish a Sender Policy Framework (SPF) record if there will never be genuine email coming from your domain? It's a hack, that's why. We've been trying to back-port security onto email for 40 years and still can't get it quite right.

To continue reading this article register now

What is security's role in digital transformation?