How to stop email spoofing of parked domains

Publishing a DMARC record for unused domains is a good idea. Here's how.

incoming emails / DNS security / locked server / parked domain
Thinkstock / Imaginima / Getty Images

Deploying DMARC to prevent email spoofing is a no-brainer. No one wants spoofed email from that could easily lead to a successful phishing attack or business email compromise (BEC). But have you deployed DMARC (Domain-based Message Authentication, Reporting and Conformance) for domains you own that do not send or receive email?

Consider this: If you run, maybe you also own Not saying your complexion is poor, but it's a good typosquatting purchase, and a cheap insurance policy against phishing or impersonation. With DMARC deployed for, spoofed emails like are toast. What about a spoofed email from You see the problem.

Publishing a DMARC record that says, "Yo, world! This domain is never, ever used for email, and if you ever get email from this domain, it is by definition not genuine" is the best way to prevent this kind of attack.

How to turn off email for parked domains

To continue reading this article register now

What is security's role in digital transformation?