I have a domain that is used for some purposes, but not for any incoming or outgoing emails.
How should the DNS be configured to mark that all received emails from this domain are spoofed and should be ignored?
You should add:
TXT record on your main domain with v=spf1 -allTXT record on the _dmarc subdomain with v=DMARC1; p=reject (you can also add a reporting address, of course)Optionally (if you want to allow others to bounce messages immediately):
MX record on your main domain with 0 . (see RFC 7505)