BLOG // April 19, 2022

Mark a domain as not for sending with DMARC, DKIM and SPF

If you have several domains that are used for side-projects or receive email but do not send mail you may be interested in completely blocking any email from those domains using SPF, DKIM and DMARC.

The following DNS records will indicate that a domain should never send email - it can still be configured to receive mail.

TXT		_dmarc.yourdomain.com			"v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s"
TXT 	*._domainkey.yourdomain.com		"v=DKIM1; p="
TXT		yourdomain.com					"v=spf1 -all"

In particular, the SPF record lists no sources and the DMARC policy indicates that SPF fails should be rejected.

Comments

Subscribe to new articles

If you enjoy my content, consider subscribing. You will only receive new blog stories, no other email.

Work

Site

© 2022 Dave Blakey. All rights reserved.

Development, startup and tech tips from Gatsby to Laravel, Strapi to PHP.