Make Your Domain Emails Not Spoofeable

Posted on September 12, 2020 at 11:46 am

Simple steps to make your domain emails not spoofeable:

1) Add a TXT record (SPF):

v=spf1 a mx ~all

Or use include: to include specific hosts or IPs, example:

v=spf1 include:mx.ovh.com include:ip4:1.2.3.0/21 ~all

2) Add a TXT record (DMARC):

v=DMARC1; p=quarantine; pct=100; rua=mailto:support@yourdomain.com; ruf=mailto:support@yourdomain.com

Or you can use p=reject to reject emails:

v=DMARC1; p=reject; pct=100; rua=mailto:support@yourdomain.com; ruf=mailto:support@yourdomain.com

3) Check your domain name (e.g website.com) with these tools:

https://www.smartfense.com/en-us/tools/spoofcheck/
https://www.ipvoid.com/email-spoof-check/

Here is an example scan report for domain amazon.com:

Found SPF record:
v=spf1 include:spf1.amazon.com include:spf2.amazon.com include:amazonses.com ~all
SPF record contains an All item: ~all
Found DMARC record:
v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@bounces.amazon.com; ruf=mailto:dmarc-reports@bounces.amazon.com
DMARC policy set to quarantine
Aggregate reports will be sent: mailto:dmarc-reports@bounces.amazon.com
Forensics reports will be sent: mailto:dmarc-reports@bounces.amazon.com
Spoofing not possible for amazon.com

4) Check DNS TXT/DMARC records of popular domains:

https://www.ipvoid.com/txt-lookup/
https://www.ipvoid.com/dmarc-lookup/

You can copy SPF and DMARC records or popular domains (e.g amazon.com).

Just make sure to edit them with your domain data.

Receive updates via email

Other Posts

Updated Posts