Secure your Inactive/Parked Domains with EasyDMARC
What are Parked Domains?
A parked domain is a domain name that is registered but not connected to an online service such as a website or email hosting. In other words, it is a purchased domain name that is not currently in use; it is “parked” for future use. Parked domains must be kept secured so that scammers cannot use them. Protecting only the main domain you use to send emails is not enough: you should also secure your parked domains to tell receivers that those domains generate no emails, and that any email received on behalf of a parked domain should be rejected. For full protection of your parked domains, you need to publish specific SPF, DKIM, and DMARC records that indicate the domain never sends emails.
SPF for Inactive/Parked Domains
For your Inactive/Parked domains you should have an empty SPF record published in your DNS, which will indicate that the domain is currently inactive and no emails are being generated from it. See the SPF record below.
SPF: v=spf1 -all
To publish the SPF record for your parked domains:
1. Head to your DNS,
2. Click on Add a new record,
3. Set the record type TXT,
4. In the Host/Name field enter @ or the domain name. (it depends on your DNS provider)
5. In the Value/Content field enter v=spf1 -all
See an example of the SPF record published in Cloudflare.
This record specifies that no IP address is authorized to send emails from that domain.
DKIM for Inactive/Parked Domains
Usually, an email with no valid DKIM signature has to be treated as if there is no DKIM signature at all, but an email with an expired key will be treated with more caution by the receivers.
The best way to indicate that a key has been revoked is to leave the “p” tag with no value. To ensure the DKIM record will operate for any selector, you need to publish the following wildcard DKIM record.
DKIM: *._domainkey.example.com (TXT) (v=DKIM1; p=)
This record nullifies all the existing DKIM selectors in both TXT and CNAME records.
To publish the DKIM record for your parked domains:
1. Head to your DNS,
2. Click on Add a new record,
3. Select the record type TXT,
4. In the Host/Name field enter *._domainkey, or *._domainkey.example.com (it depends on your DNS provider)
5. In the Value/Content field enter v=DKIM1; p=
See an example of the DKIM record published in Cloudflare.
DMARC for Inactive/Parked Domains
Most people believe they only need to implement DMARC for the main domains that they use to send emails, but this isn’t true. Hackers can spoof any domain, so every domain you have should be DMARC-protected.
To create a DMARC record for a parked domain, first, you will need to have access to the domain’s DNS settings.
Below, we will explain the process step by step:
- Navigate to the DNS settings for your domain.
- Create a TXT record type.
- The Name/Host field must be: _dmarc
- The Value/Content field must be: v=DMARC1;p=reject;rua=mailto:email@example.com;ruf=mailto:firstname.lastname@example.org;aspf=s;adkim=s
- Save the changes to your DNS settings.
See an example of the DMARC record published in Cloudflare.
Once you have created the DMARC record, it may take some time for the changes to propagate across the internet.
You can use our DMARC Record Checker tool to verify that your record is set up properly and is working as intended.
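The SPF, DKIM, and DMARC records described above can also be audited together from a zone export. The following is an added example, not EasyDMARC's tool or code from this article; the function names and sample zones are hypothetical, and it assumes TXT values are passed in already unquoted, as a mapping of DNS name to a list of strings.

```python
def parse_tags(record):
    """Split a 'k=v; k=v' tag list (DKIM/DMARC syntax) into a dict with lowercased keys."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_parked_domain(domain, txt):
    """Return a list of findings; an empty list means all three records match the article."""
    findings = []
    # SPF: exactly one v=spf1 record, and it must authorize nothing (-all only).
    spf = [r for r in txt.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        findings.append(f"SPF: expected exactly 1 record, found {len(spf)}")
    elif spf[0].lower().split() != ["v=spf1", "-all"]:
        findings.append(f"SPF: '{spf[0]}' is not 'v=spf1 -all'")
    # DKIM: the wildcard selector must publish an empty p= tag (revoked key).
    dkim = [parse_tags(r) for r in txt.get(f"*._domainkey.{domain}", [])]
    dkim = [t for t in dkim if t.get("v", "").upper() == "DKIM1"]
    if not dkim:
        findings.append("DKIM: no wildcard v=DKIM1 record")
    elif any(t.get("p", "missing") != "" for t in dkim):
        findings.append("DKIM: wildcard record has a non-empty or missing p= tag")
    # DMARC: exactly one record with p=reject and strict SPF/DKIM alignment.
    dmarc = [parse_tags(r) for r in txt.get(f"_dmarc.{domain}", [])]
    dmarc = [t for t in dmarc if t.get("v", "").upper() == "DMARC1"]
    if len(dmarc) != 1:
        findings.append(f"DMARC: expected exactly 1 record, found {len(dmarc)}")
    else:
        for tag, want in (("p", "reject"), ("aspf", "s"), ("adkim", "s")):
            got = dmarc[0].get(tag, "").lower()
            if got != want:
                findings.append(f"DMARC: {tag}={got or '(absent)'}, expected {want}")
    return findings

# Constructed sample zones (not real DNS data): one locked down, one left weak.
GOOD = {
    "example.com": ["v=spf1 -all"],
    "*._domainkey.example.com": ["v=DKIM1; p="],
    "_dmarc.example.com": ["v=DMARC1;p=reject;rua=mailto:email@example.com;"
                           "ruf=mailto:firstname.lastname@example.org;aspf=s;adkim=s"],
}
WEAK = {
    "example.com": ["v=spf1 include:_spf.example.net ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=none"],
}
if __name__ == "__main__":
    for name, zone in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_parked_domain("example.com", zone) or "OK")
```
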