< back to blog

Secure Parked Domains to Protect Your Brand Against Fraud

April 8, 2024
Security
VerifyDMARC

Introduction

Parked domains are domains that have been registered but are not actively being used for sending (legitimate) email. Businesses will often register domains and keep them disused to protect their brand. These are often overlooked in cybersecurity strategies however, failing to secure these domains can lead to brand damage if they are used to launch email spoofing attacks. These attacks can be used to perpetrate fraud against your organisation, customers or suppliers.

Update: VerifyDMARC has launched new Parked Flag and Auto Park features to streamline parked domain management, lean more in this blog post.

Quick fix

Any domain that you are sure is not used to send legitimate email can be configured with a simple DMARC reject policy and a blank SPF Record. This informs recipient mail servers that there are no authorised mail senders and to reject any emails that are addressed from the domain.

If you are not 100% sure if a domain has a legitimate business reason to be sending email, you should collect DMARC reports before moving to an enforcement DMARC policy - that's where VerifyDMARC can help.

If you are confident the parked domain is not used to send legitimate email, in the domain's DNS manager configure two records:

DMARC

Hostname: _dmarc.yourdomain.com

Type: TXT

Value: v=DMARC1; p=reject

SPF

Hostname: yourdomain.com

Type: TXT

Value: v=spf1 -all

Best Practice

The comprehensive solution is to collect and analyse DMARC reports from all domains, including parked domains. This can highlight if a domain is being abused or if someone in the organisation begins to use the domain for legitimate email and any subsequent DMARC compliance and deliverability issues.

VerifyDMARC offers generous domain limits on all plans, so you don't have to make the choice between security and budget constraints. The status alerts in the Dashboard highlight DMARC record misconfiguration, providing feedback to ensure DMARC records remain valid and secure over time.

START FREE TRIAL
Fixing "550; 5.7.15 Access denied" from Microsoft

Fixing "550; 5.7.15 Access denied" from Microsoft

Microsoft will reject mail that "does not meet the required authentication level". To fix this, you need a DMARC record, SPF and DKIM passing, plus SPF or DKIM alignment.

DMARC Protocol
Mail Providers
Protect your E-commerce Business & Customers with DMARC

Protect your E-commerce Business & Customers with DMARC

Learn how to stop email spoofing and improve delivery of order confirmations with DMARC. Implementation guide for Shopify, WooCommerce and Marketo.

Security
VerifyDMARC
New Insight Reports for Efficient Multi-Domain Management

New Insight Reports for Efficient Multi-Domain Management

We're excited to announce two new Insight reports designed to streamline multi-domain management: Sender Compliance Report and SPF Record Checker.

Product Updates
VerifyDMARC