Email spoofing — when someone sends mail that appears to come from your domain — damages brand trust and can trigger blacklisting that hurts your legitimate campaigns. This video walks through the authentication stack and policy choices that stop unauthorized senders.
SPF, DKIM, and DMARC work together. SPF lists who may send for your domain. DKIM signs message content. DMARC tells receivers what to do when authentication fails and sends you aggregate reports on who is using your domain.
Domains without DMARC enforcement remain easy targets for phishing and BEC-style attacks. Even if you do not send much email, an unprotected domain can be abused — and receivers may start treating all mail from your brand skeptically.
Brand impersonation also shows up in DMARC reports as failing sources you never authorized — marketing tools you forgot to offboard, old agencies, or outright malicious senders.
Start with SPF: enumerate every platform that sends as you (ESP, CRM, helpdesk, Shopify, etc.) and merge them into one valid SPF record without too many DNS lookups.
Add DKIM for each sending source. Then publish DMARC: begin at p=none to collect reports, then move toward quarantine and reject once legitimate sources pass consistently.
DMARC aggregate reports are not glamorous, but they are the early warning system for unauthorized use of your domain. Review them on a cadence — especially after adding tools or changing ESPs.
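An added example (not from the original page or video): a minimal Python pass over one DMARC aggregate report that tallies DMARC-failing sources and checks whether the senders you authorized are clean before you tighten policy. The report XML, domain, IP addresses and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the RFC 7489 aggregate-report layout (trimmed to the
# fields used here). Domain and IPs are documentation placeholders.
SAMPLE_REPORT = """<feedback>
 <policy_published><domain>example.com</domain><p>none</p></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>1200</count>
  <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
 <record><row><source_ip>198.51.100.20</source_ip><count>25</count>
  <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>40</count>
  <policy_evaluated><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row></record>
 <record><row><source_ip>203.0.113.55</source_ip><count>310</count>
  <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""

def summarize(report_xml):
    """Return {source_ip: {"total": n, "dmarc_fail": n}} for one report."""
    # Reports come from third parties: in production, parse with a hardened
    # XML parser (for example defusedxml) instead of the stdlib one.
    stats = defaultdict(lambda: {"total": 0, "dmarc_fail": 0})
    for row in ET.fromstring(report_xml).iter("row"):
        ip = row.findtext("source_ip", "unknown")
        count = int(row.findtext("count", "0"))
        ev = row.find("policy_evaluated")
        dkim = ev.findtext("dkim", "fail") if ev is not None else "fail"
        spf = ev.findtext("spf", "fail") if ev is not None else "fail"
        stats[ip]["total"] += count
        # DMARC fails only when neither aligned DKIM nor aligned SPF passed.
        if dkim != "pass" and spf != "pass":
            stats[ip]["dmarc_fail"] += count
    return dict(stats)

def failing_sources(stats):
    """(ip, failing message count) pairs, largest volume first."""
    fails = [(ip, s["dmarc_fail"]) for ip, s in stats.items() if s["dmarc_fail"]]
    return sorted(fails, key=lambda item: -item[1])

def ready_to_enforce(stats, known_senders):
    """True when no sender you authorized has any DMARC-failing mail."""
    return all(stats.get(ip, {"dmarc_fail": 0})["dmarc_fail"] == 0
               for ip in known_senders)

if __name__ == "__main__":
    stats = summarize(SAMPLE_REPORT)
    print(failing_sources(stats))
    print(ready_to_enforce(stats, {"192.0.2.10", "198.51.100.20"}))
```

In the sample, 198.51.100.20 stands in for a forgotten tool that still sends as the domain: it blocks the move to quarantine until it is fixed or offboarded, while 203.0.113.55 is the unknown source that enforcement would stop.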
Learn more: DMARC records guide (article), and DNS auth checker tool.