Secure Parked Domains to Protect Your Brand Against Fraud

Introduction

Parked domains are domains that have been registered but are not actively being used for sending (legitimate) email. Businesses will often register domains and keep them disused to protect their brand. These are often overlooked in cybersecurity strategies however, failing to secure these domains can lead to brand damage if they are used to launch email spoofing attacks. These attacks can be used to perpetrate fraud against your organisation, customers or suppliers.

Quick fix

Any domain that you are sure is not used to send legitimate email can be configured with a simple DMARC reject policy and a blank SPF Record. This informs recipient mail servers that there are no authorised mail senders and to reject any emails that are addressed from the domain.

If you are not 100% sure if a domain has a legitimate business reason to be sending email, you should collect DMARC reports before moving to an enforcement DMARC policy - that's where VerifyDMARC can help.

If you are confident the parked domain is not used to send legitimate email, in the domain's DNS manager configure two records:

DMARC

Hostname: _dmarc.yourdomain.com

Type: TXT

Value: v=DMARC1; p=reject

SPF

Hostname: yourdomain.com

Type: TXT

Value: v=spf1 -all

Best Practice

The comprehensive solution is to collect and analyse DMARC reports from all domains, including parked domains. This can highlight if a domain is being abused or if someone in the organisation begins to use the domain for legitimate email and any subsequent DMARC compliance and deliverability issues.

VerifyDMARC offers generous domain limits on all plans, so you don't have to make the choice between security and budget constraints. The status alerts in the Dashboard highlight DMARC record misconfiguration, providing feedback to ensure DMARC records remain valid and secure over time.