Vulnerability Insights

Email Security & Spoofing

Analyse email security settings (SPF & DKIM) that determine if your domains can be spoofed for phishing and business email compromise attacks.

Key capabilities

SPF record analysis

Validates your SPF records for correct syntax, authorised senders, and enforcement policy, detecting misconfigurations that allow spoofing.

DKIM verification

Checks for the presence and validity of DKIM signing, ensuring outbound email integrity can be verified by recipients.

DMARC policy assessment

Evaluates your DMARC policy enforcement level and reporting configuration, identifying gaps that leave your domain open to impersonation.

Spoofability scoring

Provides a clear spoofability rating for each domain based on the combined strength of SPF, DKIM, and DMARC configurations.

Why it matters

Email spoofing is the foundation of most phishing and BEC attacks. Properly configured email authentication is the single most effective defence against domain impersonation.

More Vulnerability Insights capabilities

IP Discovery & Open Port Scanning Passive Vulnerability Assessment Expired SSL Certificates Vulnerable SSL Certificates Dangling Subdomains Outdated Web Technologies View all Vulnerability Insights capabilities →

See Email Security & Spoofing in action

Book a personalised demo and we'll walk you through this capability in the context of your own environment.