Irrespective of whether you decide to send your messages via a local domain, or use a subdomain, or set up an alias to point to another domain (e.g. www.), It is critical that any business that uses email to communicate with customers becomes DMARC compliant in order to protect the fidelity and privacy of customer emails.

DMARC is an email authentication protocol designed to prevent spammers from impersonating the senders of legitimate emails. Using DMARC provides real value. Not only is it an industry standard, but by implementing it you earn trust and respect from your customers, gain control of your domain from cybercriminals, and increase deliverability and message consistency.

What are Parked Domains?

Parked domains are designed by webmasters and owners of a particular website to be aliases of another domain. Basically, it refers to the practice of using an alternative domain name (i.e., parked) for advertising or administrative purposes. There are tons of reasons why you would want to create a parked domain name for a website you already have (or are building). For example, you may want to maintain multiple domains for whatever reason. It could be because you own numerous brands that will benefit from being separate entities on their own websites.

A parked domain is usually held by the registrar (the company that manages your website domain) but has no active site content, links, or any other substance associated with it. Many of my clients have hundreds, sometimes thousands, of ‘parked’ domains that they purchased years ago and never put to use. So naturally, you might be thinking about whether securing your parked domains is even necessary in the first place? The answer is, yes! Although most domains are not immediately active, they could be in the future. Now is the time to protect your reputation and avoid preventable email abuse issues in the future, with DMARC.

How Can You Leverage DMARC to Secure Your Parked Domains?

In general, ISPs will treat domain names, especially parked domains, that lack a DMARC record with a low level of scrutiny. This means that these domains may not be protected well against spam and abuse. By skipping this step, you might be protecting your main domain with 100% DMARC enforcement with a policy of p=reject, all while remaining vulnerable on your parked domains. By setting up a set of DNS records for inactive domains, you can help prevent them from being used for phishing or malware distribution.

By implementing DMARC on every domain you own, your business email will be protected over the long term. It will not take much time or effort to set up, either; just a single configuration change is all that is needed for your email to start being protected by DMARC.

However, before implementing DMARC you need to consider the following factors:

1. Make sure you have a valid and published SPF record on your DNS

For your inactive or parked domains, you only need a record that specifies that the particular domain is currently inactive and any email originating from it should be rejected. An empty SPF record with the following syntax does exactly that:

yourparkeddomain.com TXT v=spf1 -all

2. Be certain that you have a functional DKIM record published on your DNS

The best way to revoke previously active selectors is to publish that selector on a wildcard using (*) and an empty p value, indicating that any selector is invalid:

*._domainkey.yourparkeddomain.com TXT v=DKIM1; p=

3. Publish a DMARC record for your Parked Domains

In addition to publishing SPF, you should publish a DMARC record for your parked domains. This will not only help you define a DMARC policy for your inactive domains but also view and monitor fraudulent activities on these domains with reports you can view on our DMARC report analyzer dashboard. You can configure the following DMARC record for your parked domains:

_dmarc.yourparkeddomain.com TXT “v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]

 

Note: replace the sample RUA and RUF email addresses with valid email addresses wherein you want to receive your DMARC reports. However, make sure you use an address that points to a different domain that is not one of your parked domains. Alternatively, you can add your custom PowerDMARC RUA and RUF addresses to send your reports directly to your PowerDMARC account and view them on your DMARC report analyzer dashboard.

 

In case you have multiple parked domains, you can configure the following CNAME record that points to a single domain, for all your parked domains:

 

_dmarc.yourparkeddomain.com  CNAME   _dmarc.parked.example.net

Once done, you can then publish a DMARC TXT record that points to the email addresses on which you want to receive your RUA and RUF reports, for that same domain on which you have configured DMARC for your parked domains:

_dmarc.parked.example.net TXT v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]

To avoid implementing DMARC for your active and parked domains manually, help us help you automate the process and make it seamless for your organization with our proactive support team and an effective DMARC software solution. Sign up for your DMARC analyzer today!