SPF record for similar domains to NOT allow emails?

Hello all…

We have had in the past i will call them “Bad People” registering similar domain names to the company I work for and send out phishing emails asking for bank info, they almost succeeded, was way too close.

So i went and bought all the similar domain names that i could get in order to stop others from doing so. So now i have about 20 similar domains but want to create a SPF record that indicates NOT to allow any emails from these domains. Is there a simple way to do this?

Thanks and to all a safe day!

Rob Morin
Montreal, Canada

Defensively buying and securing similar domain names is a game of Whack-a-Mole, but you should set a SPF record allowing no sending servers:
text= “v=spf1 -all”,
and a DMARC policy of reject:
_dmarc text= “v=DMARC1; p=reject;”
Add rua and maybe ruf mail address(es) to the DMARC record if you wish to monitor attempted abuse.