Make Your Domain Emails Not Spoofeable

Posted on September 12, 2020 at 11:46 am

Simple steps to make your domain emails not spoofeable:

1) Add a TXT record (SPF):

v=spf1 a mx ~all

Or use include: to include specific hosts or IPs, example:

v=spf1 include:mx.ovh.com include:ip4:1.2.3.0/21 ~all

2) Add a TXT record (DMARC):

v=DMARC1; p=quarantine; pct=100; rua=mailto:support@yourdomain.com; ruf=mailto:support@yourdomain.com

Or you can use p=reject to reject emails:

v=DMARC1; p=reject; pct=100; rua=mailto:support@yourdomain.com; ruf=mailto:support@yourdomain.com

3) Check your domain name (e.g website.com) with these tools:

https://www.smartfense.com/en-us/tools/spoofcheck/
https://www.ipvoid.com/email-spoof-check/

Here is an example scan report for domain amazon.com:

Found SPF record:
v=spf1 include:spf1.amazon.com include:spf2.amazon.com include:amazonses.com ~all
SPF record contains an All item: ~all
Found DMARC record:
v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@bounces.amazon.com; ruf=mailto:dmarc-reports@bounces.amazon.com
DMARC policy set to quarantine
Aggregate reports will be sent: mailto:dmarc-reports@bounces.amazon.com
Forensics reports will be sent: mailto:dmarc-reports@bounces.amazon.com
Spoofing not possible for amazon.com

4) Check DNS TXT/DMARC records of popular domains:

https://www.ipvoid.com/txt-lookup/
https://www.ipvoid.com/dmarc-lookup/

You can copy SPF and DMARC records or popular domains (e.g amazon.com).

Just make sure to edit them with your domain data.

Query Admin

System Administration Tips, Security, Internet

Make Your Domain Emails Not Spoofeable

Receive updates via email

Other Posts

Updated Posts