Domain Spoof Test Product Manual
To learn more about this product, read the below tutorial.
What is the Domain Spoof Test
The Domain Spoof Test (DST) is a free tool that determines if your email address is vulnerable to spoofing.
Using this test will increase your organization's awareness by letting you know if your domain is susceptible to spoofing and therefore, vulnerable to CEO fraud and other spear phishing attacks using your domain.
This information can empower you to enhance your internal security measures by training your users to detect spear-phishing attacks.
How Does the DST Work?
To get started, sign up for the test here. You will need a valid email address from the domain of your organization.
We will send you an email to schedule your DST, which will attempt to spoof your domain by sending you an email from the email address you provided when signing up for the test.
If you do not receive the email or the email is sent to your spam or junk folder, your Sender Policy Framework (SPF) is working properly to detect and block email spoofing. However, if you receive the email in your inbox, your domain is vulnerable to domain spoofing.
Analyzing Your Results
If you have failed a Domain Spoof Test, we recommend that you implement and verify SPF and train your users with security awareness training to help secure your domain.
To implement and verify SPF:
- Implement SPF. For instructions on implementing SPF, see here.
- Verify that the SPF has been implemented here.
Microsoft has its own version of SPF called “Sender ID”. To configuring Sender ID in Exchange, click the links under the version of Exchange you are using: