Wait, why do I need DMARC with a new domain that isn't sending any email? Remember how we said that anyone can send email claiming to be from you? We meant it.

Go and and setup a simple SPF and DMARC record to disable all email for the domain until you're ready to use it. That way, you can ensure nobody else is using it for you in the mean time. This is the "Only you can prevent forest fires" of the email world. Listen to Smokey Mail.

Go to your DNS and add these two TXT records. Take a look at dig TXT slimmeryetimbers.com and dig TXT _dmarc.slimmeryetimbers.com as an example.

slimmeryetimbers.com.        100 IN TXT "v=spf1 -all"
_dmarc.slimmeryetimbers.com. 300 IN TXT "v=DMARC1; p=reject; aspf=s; adkim=s;"

The first sets an empty SPF record with strict enforcement, meaning no IP addresses are authorized to send email on behalf of this domain. The second sets a DMARC record with a reject policy that tells receiving mail servers to not even bother sending failing messages to spam and drop them entirely instead. The aspf and adkim settings put both into "strict" mode.

Do that on all your unused domains and you're doing your part to make the internet less spammy while protecting your own domain reputation.