Prevent abuse of your unused domain name

Prevent abuse of your unused domain name

08-05-2019 13:37:01

In a previous blog post I talked about the abuse of old domain names by criminals and how to prevent this kind of fraud: do not terminate your old domain name.

Another popular method to abuse your unused domain name is sending email from that unused domain name.

Many businesses and organisations register large amounts of domain names as a defensive strategy. This is to prevent a competitor or criminal from registering a domain name that is similar to theirs or their brand’s. However, if such companies do not protect these domain names as well as the ones they do actively use, they are still at risk of abuse. A criminal can use a defensively registered domain name to send emails from. And because the domain names are so similar to the real domain name, it increases the chances of users opening the email. 

This kind of abuse is relatively easy to prevent by letting email providers know that they should not accept email from this domain. Add a so-called 0 MX record, configure an SPF record that holds no IP address and include a DMARC record that advises to decline all email that is not ‘aligned’. 

@ IN MX 0 .
@ IN TXT "v=spf1 -all"
@ IN TXT "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; pct=100"

A small effort that goes a long way towards making the internet a little safer!

By: Wido Potters