Just a quick post on SPF and DMARC when you have a domain that’s not used for email. In this scenario mail will never be sent out by any mailserver. If someone does send out email, it is most likely malicious email and can be ignored.

You can add the following records to your DNS:

SPF:

V=spf1 -all

DMARC:

v=DMARC1;p=reject;sp=reject;pct=100

Receiving mail servers that check for SPF and DMARC will see that it’s not valid and will reject the message.