Protect domains that do not send email

Post by morganism »

Make sure that domains that do not send email cannot be used for spoofing.

Read this guidance if you manage government IT and you want to protect domains which do not send email from spoofing attacks.

Criminals can use unprotected domains for email spoofing and phishing, making it easier to commit fraud and damage trust in your organisation.

This guidance is for domains which:

- never send email like defensively registered domains or legacy domains
- previously sent email but do not any more, such as gsi-family domains that are now cloud-based

Read our guide to securing government email to protect domains that do send email.

You only need access to your domain name system (DNS) records to make the changes in this guide.

To protect your domain you need to create:

- an SPF record that says you do not have any sending servers
- a DMARC record to reject any email from your domain
- an empty DKIM key record
- a null MX record

You can make bulk changes at once and alter the settings if you later decide to start sending email from this domain.

Make these changes to your domain name system (DNS) records.

https://www.gov.uk/guidance/protect-dom ... send-email
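Added example, not part of the original post or the linked guidance: an offline audit of the four records listed above, using the standard forms `v=spf1 -all` (RFC 7208), DMARC `p=reject` (RFC 7489), a DKIM record with empty `p=` (RFC 6376) and the null MX `0 .` (RFC 7505). The domain `parked.example`, the wildcard `*._domainkey` record name and the sample zones are assumptions constructed for illustration.

```python
def parse_tags(value):
    """Parse a DMARC/DKIM 'tag=value; tag=value' TXT string into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip().lower()] = val.strip()
    return tags

def audit(domain, zone):
    """Return a list of findings; an empty list means all four records are in place.
    zone maps (name, type) -> list of record values (constructed input, no DNS lookups)."""
    findings = []
    spf = [v for v in zone.get((domain, "TXT"), []) if v.lower().startswith("v=spf1")]
    if len(spf) != 1 or spf[0].lower().split() != ["v=spf1", "-all"]:
        findings.append("SPF: need exactly one record 'v=spf1 -all'")
    dmarc = [parse_tags(v) for v in zone.get(("_dmarc." + domain, "TXT"), [])
             if v.lower().replace(" ", "").startswith("v=dmarc1")]
    if len(dmarc) != 1 or dmarc[0].get("p", "").lower() != "reject":
        findings.append("DMARC: need one record with p=reject")
    elif dmarc[0].get("sp", "reject").lower() != "reject":
        findings.append("DMARC: sp= weakens the policy for subdomains")
    dkim = [parse_tags(v) for v in zone.get(("*._domainkey." + domain, "TXT"), [])]
    if not any(t.get("v", "").upper() == "DKIM1" and t.get("p") == "" for t in dkim):
        findings.append("DKIM: need wildcard record with empty p= (revoked key)")
    mx = [v.split() for v in zone.get((domain, "MX"), [])]
    if mx != [["0", "."]]:
        findings.append("MX: need a single null MX '0 .'")
    return findings

# Constructed sample zones for a hypothetical domain, parked.example
GOOD = {
    ("parked.example", "TXT"): ["v=spf1 -all"],
    ("_dmarc.parked.example", "TXT"): ["v=DMARC1; p=reject;"],
    ("*._domainkey.parked.example", "TXT"): ["v=DKIM1; p="],
    ("parked.example", "MX"): ["0 ."],
}
WEAK = {
    ("parked.example", "TXT"): ["v=spf1 ~all"],                      # softfail only
    ("_dmarc.parked.example", "TXT"): ["v=DMARC1; p=reject; sp=none"],  # subdomains exempt
    ("parked.example", "MX"): ["10 mail.parked.example."],           # still accepts mail
}

if __name__ == "__main__":
    for label, zone in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(label, audit("parked.example", zone) or "protected")
```

The same checks can be fed from live lookups by filling the `zone` dictionary from your DNS provider's export or resolver output.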