If you have domains that you're not using for email, please set up DNS records to prevent spammers from using them.
. TXT "v=spf1 -all"
. MX . 0
_dmarc. TXT "v=DMARC1; p=reject;"
Conversation
Replying to
Does it count when I remove MX record? Or should I set up those records anyway?
1
Replying to
Email doesn't actually require MX records - in absence of one delivery is to be attempted wherever the A record points.
You need to add records to explicitly assert no legitimate mail will be sent. SPF/DMARC records say you won't send, null MX says you don't receive.
3
1
43
Replying to
Unfortunately you need to set NULL MX and SPF records alongside every A / AAAA record.
DMARC with a reject policy will reject mail without valid and aligned DKIM or SPF though. That means the SPF records aren't very important. NULL MX is also primarily about providing fast fail.
NULL MX is primarily about being friendly to other mail servers so that they can stop trying to send mail over and over again. They can immediately report that they were unable to send mail. DMARC for domain.tld with p=reject is what's most important, and DNSSEC to authenticate.
1
So, focus on having a DMARC policy with p=reject and ideally DNSSEC. NULL MX and SPF records alongside each and every A and AAAA records is nice, but way less important.
Lack of an SPF record is not considered as SPF passing for DMARC and SPF without DMARC doesn't stop spoofing.