Parked domains are domains that have been registered but are not actively being used for sending (legitimate) email. Businesses will often register domains and keep them disused to protect their brand. These are often overlooked in cybersecurity strategies however, failing to secure these domains can lead to brand damage if they are used to launch email spoofing attacks. These attacks can be used to perpetrate fraud against your organisation, customers or suppliers.
Update: VerifyDMARC has launched new Parked Flag and Auto Park features to streamline parked domain management, lean more in this blog post.
Any domain that you are sure is not used to send legitimate email can be configured with a simple DMARC reject policy and a blank SPF Record. This informs recipient mail servers that there are no authorised mail senders and to reject any emails that are addressed from the domain.
If you are not 100% sure if a domain has a legitimate business reason to be sending email, you should collect DMARC reports before moving to an enforcement DMARC policy - that's where VerifyDMARC can help.
If you are confident the parked domain is not used to send legitimate email, in the domain's DNS manager configure two records:
Hostname: _dmarc.yourdomain.com
Type: TXT
Value: v=DMARC1; p=reject
Hostname: yourdomain.com
Type: TXT
Value: v=spf1 -all
The comprehensive solution is to collect and analyse DMARC reports from all domains, including parked domains. This can highlight if a domain is being abused or if someone in the organisation begins to use the domain for legitimate email and any subsequent DMARC compliance and deliverability issues.
VerifyDMARC offers generous domain limits on all plans, so you don't have to make the choice between security and budget constraints. The status alerts in the Dashboard highlight DMARC record misconfiguration, providing feedback to ensure DMARC records remain valid and secure over time.
Learn how to stop email spoofing and improve delivery of order confirmations with DMARC. Implementation guide for Shopify, WooCommerce and Adobe Marketo.
Even with p=none, DMARC without report monitoring is like driving blindfolded. Mail servers still check authentication, impacting your deliverability.
VerifyDMARC now offers SMTP TLS Reporting capabilities, enabling monitoring of MTA-STS and DANE policy performance for improved email transport security.