A domain that doesn't receive or send emails can be used in email spoofing attacks. Domain owners should set a couple of TXT records to configure email authentication:
| Name | Content |
|---|---|
| example.com | v=spf1 -all |
| *._domainkey.example.com | v=DKIM1; p= |
| _dmarc.example.com | v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s |
Spotted on "How to protect domains that do not send email" by Cloudflare.