Not 100 % sure but.
Info:
Von RFC7505 Abschnitt 3:
- MX Resource Records Specifying Null MXTo indicate that a domain does not accept email, it advertises a single MX RR (see Section 3.3.9 of [RFC1035]) with an RDATA section consisting of preference number 0 and a zero-length label, written in master files as “.”, as the exchange domain, to denote that there exists no mail exchanger for a domain. Since “.” is not a valid host name, a null MX record cannot be confused with an ordinary MX record. **The use of “.” as a pseudo-hostname meaning no service available is modeled on the SRV RR [RFC2782] where it has a similar meaning.**A domain that advertises a null MX MUST NOT advertise any other MX RR.
So there you set the MX 0 a dot . ?
Then it should be good to also set this SPF?
A simple TXT record will do this for you, set the SPF records to have a null value with a hard fail:
@ IN TXT “v=spf1 -all”
- IN TXT “v=spf1 -all”
That’s how I ensure a domain can’t be phished that I use to internal or non-mail services.
For this:
. Domains that do not send mail
An SMTP server when presented with an “I never accept email” MX might decline to accept such email as it knows that a response or non-delivery notice will never be accepted, and that legitimate mail rarely comes from domains that do not accept replies.
SMTP servers that reject mail because a MAIL FROM domain has a NULL MX record should use a 550 reply code.
Although NULL MX may imply that a domain sends no mail, it does not sat so explicitly. Operators may want to publish SPF [RFC4408] -ALL policies to make an explicit statement.