Specifying that a domain does not receive or send email with DNS (and SPF for good measure)

There are times when a domain is used for something other than web sites and email. Such a domain should never send email, nor should it ever need to receive it, because it does not generate abuse.

Telling everyone else about your choice never to send email from this domain means that it has less chance of being abused in a Joe Job, and you have less to worry about when it comes to that domain. It might even save a few people on the internet from seeing a couple more spam messages.

To disable receipt of email, set the MX record to priority 0 and content of ".". For MTAs like Exim, this is a good enough sign that they should neither accept email from this domain, nor attempt to send to it. Upon spotting one of these, Exim will log the event and reject the email (if you have followed the general gist of the default config).

2011-06-20 23:50:05 H=fm-ip-118.136.2.105.fast.net.id [118.136.2.105] sender verify fail for <ovts@cctp.net>: an MX or SRV record indicated no SMTP service
2011-06-20 23:50:05 H=fm-ip-118.136.2.105.fast.net.id [118.136.2.105] F=<ovts@cctp.net> rejected RCPT <REDACTED>: Sender verify failed

Since not all MTAs use that kind of check before accepting email, you can use other signs to say that email should not be accepted from the domain. One of those is SPF, or Sender Policy Framework. This is a system designed to specify which IP addresses on the internet are allowed to send email with the domain in the envelope from.

To tell the world via SPF that a domain doesn't send email, create a TXT and SPF record on the domain with the contents "v=spf1 -all".

Not all DNS hosting platforms will provide SPF as an RR type.
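A quick way to audit a zone for both signals described above, as an added example rather than anything from the original post. The domain parked.example, the zone lines and the function names are constructed for illustration; the input is assumed to be one "name ttl IN type rdata" record per line.

```python
import shlex

def parse_records(zone_text):
    """Yield (type, rdata_fields) from 'name ttl IN type rdata...' lines."""
    for line in zone_text.strip().splitlines():
        fields = shlex.split(line)      # keeps quoted TXT strings intact
        if len(fields) >= 5:
            yield fields[3].upper(), fields[4:]

def no_mail_status(zone_text):
    """Report whether the zone declares 'no inbound' and 'no outbound' mail."""
    mx, policies = [], {"TXT": [], "SPF": []}
    for rtype, rdata in parse_records(zone_text):
        if rtype == "MX":
            mx.append((int(rdata[0]), rdata[1]))
        elif rtype in policies:
            text = "".join(rdata)       # multiple strings join with no separator
            if text.lower().split(" ")[0] == "v=spf1":
                policies[rtype].append(text.lower().split())
    deny = ["v=spf1", "-all"]
    return {
        # Exactly one MX, priority 0, target "."; any extra MX still takes mail.
        "receive_disabled": mx == [(0, ".")],
        # Exactly one TXT policy (several is an SPF error), and any
        # type-SPF copy must carry the same policy.
        "send_disabled": policies["TXT"] == [deny]
                         and all(p == deny for p in policies["SPF"]),
    }

# Constructed sample zones (not real data).
GOOD = '''
parked.example. 3600 IN MX 0 .
parked.example. 3600 IN TXT "v=spf1 -all"
parked.example. 3600 IN SPF "v=spf1 -all"
'''
WEAK = '''
parked.example. 3600 IN MX 0 .
parked.example. 3600 IN MX 10 mail.parked.example.
parked.example. 3600 IN TXT "v=spf1 ~all"
'''
SPLIT = '''
parked.example. 3600 IN TXT "v=spf1 " "-all"
'''

if __name__ == "__main__":
    for name, zone in (("GOOD", GOOD), ("WEAK", WEAK), ("SPLIT", SPLIT)):
        print(name, no_mail_status(zone))
```

The WEAK zone fails both checks: the second MX still accepts mail, and "~all" is only a soft fail.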

@todo finish this