BLOG // April 19, 2022
Mark a domain as not for sending with DMARC, DKIM and SPF
If you have several domains that are used for side-projects or receive email but do not send mail you may be interested in completely blocking any email from those domains using SPF, DKIM and DMARC.
The following DNS records will indicate that a domain should never send email - it can still be configured to receive mail.
TXT _dmarc.yourdomain.com "v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s"
TXT *._domainkey.yourdomain.com "v=DKIM1; p="
TXT yourdomain.com "v=spf1 -all"
In particular, the SPF record lists no sources and the DMARC policy indicates that SPF fails should be rejected.
Comments
Subscribe to new articles
If you enjoy my content, consider subscribing. You will only receive new blog stories, no other email.