Domain Spoof Test Product Manual
To learn more about this product, read the below tutorial.
What is the Domain Spoof Test
The Domain Spoof Test (DST) is a free tool that determines if your email address is vulnerable to spoofing.
Using this test will increase your organization's awareness by letting you know if your domain is susceptible to spoofing and therefore, vulnerable to CEO fraud and other spear phishing attacks using your domain.
This information can empower you to enhance your internal security measures by training your users to detect spear-phishing attacks.
How Does the DST Work?
To get started, sign up for the test here. You will need a valid email address from the domain of your organization.
We will send you an email to schedule your DST, which will attempt to spoof your domain by sending you an email from the email address you provided when signing up for the test.
If you do not receive the email or the email is sent to your spam or junk folder, your Sender Policy Framework (SPF) is working properly to detect and block email spoofing. However, if you receive the email in your inbox, your domain is vulnerable to domain spoofing.
The DST's current IP range will only pass an SPF configuration. The SPF records will indicate whether the allowed domain IPs range is within KnowBe4's IP range. If the SPF is within our allowed domain IPs range, the SPF will be marked as a pass.
The DST will not pass DMARC-SPF checks because of the format of the return headers. If the DMARC-SPF is used to check for no SPF record or an SPF record that is set to ? or ~, you will pass the DMARC-SPF check if there is a valid SPF record. If the SPF record is set to fail - then DMARC-SPF will fail.
Analyzing Your Results
If you have failed a Domain Spoof Test, we recommend that you implement and verify SPF and train your users with security awareness training to help secure your domain.
To implement and verify SPF:
- Implement SPF. For instructions on implementing SPF, see here.
- Verify that the SPF has been implemented here.
Microsoft has its own version of SPF called “Sender ID”. To configuring Sender ID in Exchange, click the links under the version of Exchange you are using:
We also recommend using an email flow rule that will deny all inbound emails claiming to be from your domain to your domain. If you intend to send emails from a third party to your users, explicitly permit this in the deny rule. You can also permit any third parties who are in your SPF record to send emails to users in the Email Flow deny rule.