Mark a domain as not for sending with DMARC, DKIM and SPF

If you have several domains that are used for side-projects or receive email but do not send mail you may be interested in completely blocking any email from those domains using SPF, DKIM and DMARC.

The following DNS records will indicate that a domain should never send email - it can still be configured to receive mail.

TXT		_dmarc.yourdomain.com			"v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s"
TXT 	*._domainkey.yourdomain.com		"v=DKIM1; p="
TXT		yourdomain.com					"v=spf1 -all"

In particular, the SPF record lists no sources and the DMARC policy indicates that SPF fails should be rejected.