How to stop my domain from sending emails? Print

  • Stop domain from sending email, Stop email spoofing, DNS settings for prevention of email spoofing, Stop email phishing, how to stop email phishing, DKIM record, SPF record, DMARC record
  • 75

Learning.png

It is easy to protect your domain name from being misused to send spoofing and phishing emails which in turn can damage your domain name's reputation and result in it being blocked as malicious by email service providers and search engines. All you have to do to protect your domain name is to add/amend the following DNS records:

(1) Sender Policy Framework (SPF)

Protect domain names against attempted phishing attacks by rejecting emails sent from the domain name. Simply add an SPF record using the format below:

v=spf1 -all

The above SPF record denotes the following:

  • v=spf1 informs the server that the record contains an active SPF policy.
  • The indicator -all instructs the server what to do with non-compliant emails or any senders that are not explicitly listed in the SPF record. With the above mentioned SPF record, no IP addresses or domains are allowed, so -all states that all non-compliant emails will be rejected. 

In case you didn't know, the SPF records are set directly on the root domain name itself. This means that they do not require a subdomain.

(2) DomainKeys Identified Mail (DKIM)

DKIM records protect domain names by making sure that emails are explicitly authorized by the sender using a public key and a private key. DKIM records store the public key that the Email Server uses to authenticate whether the email signature is authorized by the sender. For domain names that do not send emails, the DKIM record can be configured without an associated public key as follows:

Name Type Content
*._domainkey.example.com TXT v=DKIM1; p=
    • In *._domainkey.example.com  the asterisk (aka wildcard) is used as the selector, which is a specialized value that the email service provider generates and uses for the domain name. The selector is part of the DKIM header and the email server uses it to lookup the DKIM in the DNS while the wildcard covers all possible values for the selector.
    • TXT shows the DNS record type.
    • v=DKIM1 tells the server the version number of a DKIM policy.
    • The p value authenticates emails by associating a signature with its public key. In the above example of the DKIM record, the p value should be empty as there is no signature/public key to associate it with.

(3) Domain-based Message Authentication, Reporting and Conformance (DMARC)

DMARC policies can be used to add an additional layer of protection by rejecting all emails that fail SPF and DKIM checks. Below is an example of how to format a policy in this way:

Name Type Content
_dmarc.example.com TXT v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s

In the above example DMARC record:

      • The name field shows that the record is set on the subdomain ( _dmarc.example.com), which is required for DMARC.
      • Type field shows  the correct DNS record type (TXT).
      • v=DMARC1 informs the server that this DNS record has an active DMARC policy.
      • p=reject tells the email servers to reject emails that fail DKIM and SPF checks.
      • adkim=s shows the alignment mode which is set to “s” for strict. Strict alignment mode means that the server of the email domain that contains the DMARC record must match the domain name in the From header of the email. If it does not match that, the DKIM check fails.
      • aspf=s serves the same purpose as adkim=s, but for SPF alignment.

Rocket Domains DNS Settings make it easy to set up the correct DNS TXT records and block spammers from misusing your domain name. To access the DNS Settings for your domain name, login to your Rocket Domains Mission Control dashboard.


Was this answer helpful?

« Back