Glossary
Email Spoofing — How It Works and How to Stop It
Email spoofing is the forgery of a message's sender identity, usually the From: header that mail clients display and often the SMTP envelope sender (MAIL FROM) as well, so that the message appears to come from a domain the sender does not control. Attackers use spoofed emails for phishing, fraud, and brand impersonation. SPF, DKIM, and DMARC are the three DNS-published standards that together let receiving servers detect and reject mail that spoofs a domain exactly; they do not address lookalike domains or a forged display name in front of an attacker-owned address.
How Email Spoofing Works
SMTP (RFC 5321) authenticates neither the envelope sender (MAIL FROM) nor the From: header inside the message. Any mail server can put any domain in both, and the receiving server has no built-in way to tell a legitimate message from a forged one. Until SPF, DKIM, and DMARC are published for your domain, and the receiver enforces them, anyone can send email that appears to come from it.
How to Prevent Email Spoofing
- Publish an SPF record (a TXT record at your domain) listing the hosts authorized to use your domain in MAIL FROM, ending with -all or ~all so unlisted hosts fail
- Enable DKIM signing on your outbound mail servers with d= set to your domain, and publish the public key at selector._domainkey.yourdomain
- Set DMARC to p=quarantine or p=reject, covering subdomains with sp=; start at p=none, and use pct= below 100 when moving to enforcement, so the reports show what would be affected before anything is blocked
- Monitor DMARC aggregate reports (rua=) for sources that fail alignment: unauthorized senders, and legitimate services that still need to be added to SPF or signed with DKIM
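The monitoring step above is where spoofing becomes visible. The following is an added example, not the page's analyzer tool or any vendor's code: it parses a DMARC aggregate (RUA) report in the RFC 7489 Appendix C XML schema and lists which sending IPs failed DMARC for the domain and what the receiver did with their mail. The report, domains and IPs embedded below are constructed for the example.

```python
"""Summarize a DMARC aggregate (RUA) report: which sending IPs failed
DMARC for our domain, and what the receiving server did with that mail.

Added example with a constructed report; not a real report for any domain.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: two legitimate sources and one spoofing source.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <report_metadata>
    <org_name>receiver.example.net</org_name>
    <report_id>constructed-0001</report_id>
    <date_range><begin>1700000000</begin><end>1700086399</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain>
    <adkim>r</adkim><aspf>r</aspf>
    <p>reject</p><sp>reject</sp><pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>example.com</domain><selector>s1</selector><result>pass</result></dkim>
      <spf><domain>example.com</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>  <!-- forwarded mail: SPF breaks, the DKIM signature survives, DMARC passes -->
    <row>
      <source_ip>198.51.100.7</source_ip><count>8</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>example.com</domain><selector>s1</selector><result>pass</result></dkim>
      <spf><domain>forwarder.example.org</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>  <!-- spoof: neither identifier aligns with From:, mail rejected -->
    <row>
      <source_ip>203.0.113.55</source_ip><count>3000</count>
      <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <spf><domain>attacker.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
</feedback>
"""


def parse_report(xml_text):
    """Return (published_policy, rows). Reports come from third parties:
    in production parse them with defusedxml, not the stdlib parser."""
    root = ET.fromstring(xml_text)
    policy = {c.tag: c.text for c in root.find("policy_published")}
    rows = []
    for rec in root.findall("record"):
        row = rec.find("row")
        ev = row.find("policy_evaluated")
        rows.append({
            "source_ip": row.findtext("source_ip"),
            "count": int(row.findtext("count")),
            "header_from": rec.findtext("identifiers/header_from"),
            # policy_evaluated holds the *aligned* results, which is what DMARC uses
            "dkim_aligned": ev.findtext("dkim") == "pass",
            "spf_aligned": ev.findtext("spf") == "pass",
            "disposition": ev.findtext("disposition"),
            "spf_domain": rec.findtext("auth_results/spf/domain"),
            "dkim_domain": rec.findtext("auth_results/dkim/domain"),  # None if unsigned
        })
    return policy, rows


def dmarc_failures(rows):
    """Rows that failed DMARC: neither SPF nor DKIM gave an aligned pass."""
    return [r for r in rows if not (r["dkim_aligned"] or r["spf_aligned"])]


def failing_ips(xml_text):
    return [r["source_ip"] for r in dmarc_failures(parse_report(xml_text)[1])]


def summarize(rows):
    """Message counts per source IP, split into DMARC pass/fail."""
    by_ip = defaultdict(lambda: {"pass": 0, "fail": 0, "dispositions": set()})
    for r in rows:
        key = "pass" if (r["dkim_aligned"] or r["spf_aligned"]) else "fail"
        by_ip[r["source_ip"]][key] += r["count"]
        by_ip[r["source_ip"]]["dispositions"].add(r["disposition"])
    return dict(by_ip)


if __name__ == "__main__":
    policy, rows = parse_report(SAMPLE_REPORT)
    print("published policy:", policy)
    for ip, s in summarize(rows).items():
        print(ip, s)
    for r in dmarc_failures(rows):
        print("FAIL", r["source_ip"], r["count"], "msgs, spf domain:", r["spf_domain"])
```

The forwarded source in the sample is the case to keep in mind when reading reports: its SPF is broken by the forwarder, but an aligned DKIM pass is enough, so it is not a spoofer and needs no action. The 203.0.113.55 row is the spoof: SPF passes for the attacker's own domain, which does not align with the From: domain, and there is no signature at all.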
DMARC p=reject Stops Exact-Domain Spoofing
With DMARC p=reject, a receiving server that honors the policy rejects any message whose From: domain fails DMARC, that is, a message with neither an aligned SPF pass nor an aligned DKIM pass. A pass from either one is enough, which is what keeps legitimately forwarded mail (SPF broken by the forwarder, DKIM signature intact) deliverable; an SPF pass for some other domain does not help the attacker, because it is alignment with the From: domain that counts. The protection has limits a practitioner should know: it applies only at receivers that enforce DMARC; pct= below 100 applies it to only a sample of failing mail; subdomains follow sp= (which defaults to p=); and it stops only exact-domain spoofing, not lookalike domains or a forged display name.
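To make the pass/fail logic concrete, here is an added example (not code from the page or from any mail software) of the decision a DMARC-aware receiver makes once its SPF and DKIM checks are done: it parses the published DMARC record, tests identifier alignment in relaxed or strict mode, and returns the DMARC result and the disposition the policy requests. The SPF and DKIM verification itself is assumed to have already happened; the domains and records are constructed for the example, and the organizational-domain lookup is a deliberate simplification of the Public Suffix List logic.

```python
"""Evaluate a message the way a DMARC-aware receiver does.

Added example, not the page's or any vendor's code. Inputs are the SPF and
DKIM results a receiver already has plus the published DMARC record; the
output is the DMARC result and the requested disposition. All domains and
records below are constructed.
"""


def parse_dmarc_record(txt):
    """Parse 'v=DMARC1; p=reject; ...' into a tag dict with RFC 7489 defaults."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC record: %r" % txt)
    tags.setdefault("adkim", "r")      # relaxed DKIM alignment by default
    tags.setdefault("aspf", "r")       # relaxed SPF alignment by default
    tags.setdefault("sp", tags["p"])   # subdomains inherit p= unless sp= is set
    tags.setdefault("pct", "100")      # below 100: disposition applied to a sample only
    return tags


def org_domain(domain):
    """Organizational domain. Simplification: the last two labels. A real
    implementation must consult the Public Suffix List (think example.co.uk)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: strict ('s') is an exact match, relaxed ('r')
    only requires the same organizational domain."""
    if not auth_domain:
        return False
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


def evaluate(header_from, spf, dkim, record, record_domain):
    """Return (dmarc_result, requested_disposition).

    header_from:   domain of the RFC5322.From header
    spf:           (result, MAIL FROM domain) from the receiver's SPF check
    dkim:          list of (d= domain, result) for every verified signature
    record:        the DMARC TXT record text
    record_domain: the domain at which that record was found
    """
    tags = parse_dmarc_record(record)
    # SPF counts only as a "pass" result whose domain aligns with From:
    spf_ok = spf[0] == "pass" and aligned(spf[1], header_from, tags["aspf"])
    # Any one aligned passing DKIM signature is enough
    dkim_ok = any(r == "pass" and aligned(d, header_from, tags["adkim"])
                  for d, r in dkim)
    if spf_ok or dkim_ok:
        return "pass", "none"
    if header_from.lower() == record_domain.lower():
        return "fail", tags["p"]
    return "fail", tags["sp"]          # From: is a subdomain of the record's domain


# Constructed records: the second leaves subdomains unprotected.
RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-rua@example.com"
WEAK_RECORD = "v=DMARC1; p=reject; sp=none; rua=mailto:dmarc-rua@example.com"

# Constructed cases: (From: domain, (spf result, MAIL FROM domain), [(dkim d=, result)])
CASES = {
    # company MTA: SPF domain mail.example.com aligns with example.com in relaxed mode
    "legit": ("example.com", ("pass", "mail.example.com"), [("example.com", "pass")]),
    # forwarded: SPF fails at the forwarder's IP, the DKIM signature still verifies
    "forwarded": ("example.com", ("fail", "example.com"), [("example.com", "pass")]),
    # spoof: the attacker's own domain passes SPF, but nothing aligns with From:
    "spoof": ("example.com", ("pass", "attacker.example"), []),
    # spoof of a subdomain: which policy applies depends on sp=
    "subdomain_spoof": ("billing.example.com", ("pass", "attacker.example"), []),
}


def run(record):
    return {name: evaluate(hf, spf, dkim, record, "example.com")
            for name, (hf, spf, dkim) in CASES.items()}


if __name__ == "__main__":
    for rec in (RECORD, WEAK_RECORD):
        print(rec)
        for name, outcome in run(rec).items():
            print("  %-16s -> %s" % (name, outcome))
```

Running it shows the two points the paragraph makes: the forwarded message passes on DKIM alone, and the spoof fails even though its SPF check passed, because attacker.example does not align with example.com. The WEAK_RECORD run shows the subdomain spoof landing with a disposition of none, which is why sp= deserves the same value as p= when the subdomains send no mail of their own.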
Analyze DMARC aggregate reports
Open DMARC Report Analyzer →