17

I created website for someone, but also someone (I guess some SEO guy) told this person that I made big mistake because there are missing DNS records on domain (mx, SPF, dmarc). Now I need to "fix" my error.

Thing is, of course these records are used for Email purposes, but there is NO email in this domain (just simple free Gmail account).

So, is there any reason to add these records anyway? How they should look like? Only reason I can think of is preventing SPAM using my domain identity. But I thought that SPAM filters are not going to pass email from my domain anyway if these records are missing, so what's the point?

Dave M
  • 4,494
  • 21
  • 30
  • 30
norr
  • 273
  • 1
  • 5
  • 1
    "just simple free gmail account" - on your domain? – user253751 Mar 22 '21 at 17:22
  • @user253751 Really old Google Business accounts were(and still are free for those of us who have them.) This is probably what the user means. They are probably hosting a second domain in addition to the primary that has all of those services you expect. – Rowan Hawkins Mar 30 '21 at 01:40
  • @RowanHawkins I interpreted it as: the domain owner uses a “simple free gmail account” *instead of* maintaining an e-mail service through this domain. – Brian Drake Mar 30 '21 at 09:31

2 Answers2

49

The point would largely boil down to being a good citizen and reducing abuse, like making your domain less useful for spammers to impersonate and to make it immediately clear to others that mail is not deliverable there.

If the claim is accurate that the domain is not used for either sending or receiving email at all, you could add something like this:

domain.example. IN MX 0 .
domain.example. IN TXT "v=spf1 -all"
_dmarc.domain.example. IN TXT "v=DMARC1; p=reject; aspf=s; adkim=s;"

This indicates that inbound mail is not accepted (null MX), and that any mail sent from the domain should be rejected (SPF policy that lists no allowed senders + DMARC policy enforces From-header alignment).

Håkan Lindqvist
  • 33,741
  • 5
  • 65
  • 90
  • 7
    Is it worth adding that mail servers will try using the matching A record if no MX record can be found so adding a null MX prevents this attempt? – Tommiie Mar 22 '21 at 06:24
  • On top of being a responsible citizen, I have just experienced around 40000 spam with my From name on it bouncing back to me. As I am easy to find by m name, this has led to a lot of personal abuse through messaging channels. Adding the above SPF seems to near eliminate such traffic. – jdog Mar 24 '21 at 00:41
  • 1
    @Tommiie this question answers that: https://serverfault.com/a/470651/161482 TL;DR: Yes it will fallback to the A-record – xorinzor Mar 24 '21 at 13:11
4

If you're not serving email, and you're not planning to send an email out from the domain, then you are correct - you do not need these records.

EDIT: The other answer indicating utilization of records to zero out possibility of bad actors using the domain instead is a much more thought-out answer and should be considered best practice. I know I'm going to do so now!

tilleyc
  • 914
  • 4
  • 11