Email Authentication Check

Is Your Domain Protected
from Email Spoofing?

Without DMARC, anyone can send email that appears to come from your store — putting your customers and your brand at risk.

DMARC

DMARC helps protect your domain from being used in fake emails by monitoring senders and supporting stronger enforcement when your legitimate email services are confirmed.

Your domain name

Scanning

Resolving DNS hostname

Querying TXT records

Analyzing DMARC policy

Generating security report

Domain Checked

Policy (p=)

Subdomain Policy (sp=)

Reporting Address (rua=)

Recommendations

Industry Data

The scale of the problem

54%

of top U.S. retail domains have not reached DMARC enforcement

A dmarcian audit of the top 500 U.S. retail domains found that more than half remain at p=none or have no DMARC record at all — leaving them openly exposed to spoofing.

$3.05B

in U.S. losses from Business Email Compromise in 2025

Per the FBI IC3 2025 report. DMARC directly addresses the root cause of BEC by blocking unauthorized use of your exact sending domain.

191,561

phishing and spoofing complaints filed with the FBI in 2025

Phishing remains the #1 reported cybercrime category. Every complaint represents a real business or customer targeted — often through an unprotected domain.

Required

Since February 2024

Gmail and Yahoo mandate DMARC for all senders of 5,000+ emails per day. Domains without a record risk rejection or spam routing.

Risk Overview

What your domain is exposed to without DMARC

Email remains the primary attack vector for fraud targeting eCommerce businesses and their customers.

Email Spoofing

Attackers send email appearing to come from your domain, deceiving customers into sharing credentials or payment information.

Order & Shipping Fraud

Fake order confirmations and shipping notifications exploit trust in your brand to redirect customers to fraudulent sites.

Deliverability Loss

Without DMARC, your legitimate transactional email is more likely to be filtered into spam, reducing open rates and revenue.

Brand Integrity

A spoofing incident using your domain can permanently erode customer trust — even when the attack is not your fault.

Policy Reference

DMARC enforcement levels explained

Each policy defines how receiving mail servers handle messages that fail DMARC authentication checks.

Policy	Behavior	Risk	Recommended For
Not set	No DMARC enforcement. Domain can be spoofed freely with no visibility or control.	High	—
p=none	Monitor-only mode. Aggregate reports are generated but no action is taken on failing mail.	High	Initial setup and report collection only
p=quarantine	Failing messages are routed to the spam or junk folder rather than the inbox.	Medium	Transition phase before full enforcement
p=reject	Failing messages are rejected by the receiving server before delivery. Full spoofing protection.	Low	All verified legitimate senders configured

Methodology Queries the _dmarc.[domain] TXT record via Cloudflare DNS-over-HTTPS. Only publicly accessible DNS records are checked. No DKIM validation, SPF parsing, or live email delivery testing is performed.
Privacy Policy The domain you enter is transmitted only to Cloudflare's DNS-over-HTTPS resolver for the purpose of this lookup. No queries, results, or personal information are logged, stored, or shared.
Terms Results reflect the DMARC record present in public DNS at the time of the query. This is not a comprehensive security audit. Actual protection depends on correct SPF and DKIM configuration. Results are informational only.

Is Your Domain Protectedfrom Email Spoofing?