Parked domains are registered domain names that do not have an active website associated with them. They are inactive domains which are usually purchased and registered for future use or to protect a brand’s online reputation by preventing others from registering similar domains and using them for malicious purposes. Parked domains may or may not be used for email communication.
Now, you might be wondering, “If my domain doesn’t send emails, do I still need to secure it?” The answer is yes! Even if your domain doesn’t send emails, it can still be abused for email fraud if it’s not protected.
Additionally, if your organization’s email domain is protected by robust domain security measures, cybercriminals who specialize in social engineering attacks like Business Email Compromise (BEC) and spear phishing might start looking for these inactive domains to target for exploitation. Here’s where DMARC comes in to help protect inactive domains from being abused for malicious email activities.
DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that gives domain owners a way to protect their domain from email fraud. It builds on SPF, which lets domain owners specify which email servers are authorized to send email on their behalf, and on DKIM, which signs messages, by letting the owner publish a policy that tells receiving servers what to do with messages that fail those checks. This helps prevent unauthorized use of a domain for phishing attacks, maintains your domain’s reputation, and safeguards against potential damage to your brand’s image and customer trust.
Implementing DMARC is a straightforward process that only involves publishing a few records in your DNS. Protect your parked domains first: because they do not send email, they are easier to deal with and, once protected, require no maintenance.
However, before implementing DMARC, you should consider the following factors:
- Ensure that a valid SPF record is present and published in your DNS.
For your inactive or parked domains, you simply need a record indicating that the domain is currently inactive and that any email sent from it should be rejected. You can achieve this by using an empty SPF record with the following syntax:
parkeddomain.com TXT v=spf1 -all
- Check to see if you have a valid DKIM record on your DNS.
The best approach to invalidate previously active DKIM selectors is to publish a DKIM record with a wildcard (*) as the selector and an empty “p” tag. This informs MTAs that any selector for that parked domain is no longer valid and the public key used has been revoked.
*._domainkey.parkeddomain.com TXT v=DKIM1; p=
- Publish a DMARC record for your Parked Domains
You should also publish a DMARC record for your parked domains in addition to SPF. A DMARC policy of “reject” tells receivers to refuse any mail that claims to come from your inactive domains.
_dmarc.parkeddomain.com TXT "v=DMARC1; p=reject; rua=mailto:firstname.lastname@example.org; ruf=mailto:email@example.com"
In the above case, any email from parkeddomain.com should be rejected, and aggregate and forensic reports will be sent to ProDMARC, which is the country’s first and largest DMARC analytics platform and is focused on protecting brands from mail-based spoofing and phishing threats.
With the help of the aggregate and forensic reports that can be seen on our dashboard, you can examine and keep an eye on fraudulent activity on these domains.
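The three records above can be checked together before you rely on them. The following is an added example, not part of the original article or of ProDMARC's tooling: it audits the SPF, wildcard DKIM and DMARC TXT records of a parked domain, including the easy-to-miss case of a missing `;` between `rua` and `ruf`. The function names, the zone dictionaries and the report addresses are constructed for illustration.

```python
# Added example: offline audit of the three parked-domain TXT records.
# audit_parked(), GOOD_ZONE and BAD_ZONE are hypothetical; all record data is constructed.

def parse_tags(txt):
    """Split a 'tag=value; tag=value' record (DKIM/DMARC syntax) into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_parked(domain, zone):
    """Return a list of findings; an empty list means all three records are in place."""
    findings = []
    spf = [t for t in zone.get(domain, []) if t.lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.append("SPF: expected exactly one v=spf1 record, found %d" % len(spf))
    elif spf[0].lower().split() != ["v=spf1", "-all"]:
        findings.append("SPF: parked domain should publish only 'v=spf1 -all'")
    dkim = [parse_tags(t) for t in zone.get("*._domainkey." + domain, [])]
    if not any(d.get("v") == "DKIM1" and d.get("p") == "" for d in dkim):
        findings.append("DKIM: no wildcard record with an empty p= tag")
    dmarc = [t for t in zone.get("_dmarc." + domain, []) if t.startswith("v=DMARC1")]
    if len(dmarc) != 1:
        findings.append("DMARC: expected exactly one v=DMARC1 record, found %d" % len(dmarc))
        return findings
    tags = parse_tags(dmarc[0])
    if tags.get("p", "").lower() != "reject":
        findings.append("DMARC: policy is %r, not 'reject'" % tags.get("p"))
    for name in ("rua", "ruf"):
        # A missing ';' glues the next tag onto this value ('rua=mailto:a ruf=mailto:b'),
        # so the second tag is silently lost; whitespace inside a URI reveals it.
        if any(len(uri.split()) > 1 for uri in tags.get(name, "").split(",")):
            findings.append("DMARC: %s value contains whitespace (missing ';'?)" % name)
    return findings

GOOD_ZONE = {  # constructed sample data
    "parkeddomain.com": ["v=spf1 -all"],
    "*._domainkey.parkeddomain.com": ["v=DKIM1; p="],
    "_dmarc.parkeddomain.com": [
        "v=DMARC1; p=reject; rua=mailto:agg@example.org; ruf=mailto:forensic@example.org"],
}
BAD_ZONE = {  # constructed: soft-fail SPF, no DKIM revocation, weak and malformed DMARC
    "parkeddomain.com": ["v=spf1 include:_spf.example.net ~all"],
    "_dmarc.parkeddomain.com": [
        "v=DMARC1; p=none; rua=mailto:agg@example.org ruf=mailto:forensic@example.org"],
}

if __name__ == "__main__":
    for label, zone in (("good", GOOD_ZONE), ("bad", BAD_ZONE)):
        print(label, audit_parked("parkeddomain.com", zone) or "OK")
```

To run it against a live domain, fill the dictionary from your resolver's TXT answers for the three names instead of the constructed data.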
Set up a 15-day free trial of our DMARC Analyzer – ProDMARC and start analyzing your domain’s DMARC data today.
You can easily check for the presence and validity of a DMARC record by using our Free DMARC record checker.