Domain Spoof Test Product Manual
The Domain Spoof Test (DST) is a free tool that determines if your email address is vulnerable to spoofing. Using this test will increase your organization's awareness by letting you know if your domain is susceptible to spoofing and, therefore, vulnerable to CEO fraud and other spear phishing attacks using your domain. This information can empower you to enhance your internal security measures by training your users to detect spear phishing attacks.
How Does the DST Work?
To get started, sign up for the test here. You will need a valid email address from the domain of your organization.
We will reach out to you to schedule your DST, which will attempt to spoof your domain by sending you an email from the email address you provided for the test.
If you do not receive the email or the email is sent to your spam or junk folder, your Sender Policy Framework (SPF) is working properly to detect and block email spoofing. However, if you receive the email in your inbox, your domain is vulnerable to domain spoofing.
What Do I Do If I Fail a DST?
If you have failed a DST, we recommend that you implement and verify SPF and train your users with security awareness training to help secure your domain.
To implement and verify SPF:
- Navigate to the openspf site for instructions on implementing SPF.
- Verify that the SPF has been implemented here.
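As an added example (not part of the original manual and not the DST's own code), the Python below audits the TXT strings published at a domain for the SPF problems that let a spoofed message through. It assumes the TXT strings have already been retrieved and unquoted; the function name audit_spf, the verdict labels and the sample records are constructed for illustration.

```python
# Added example: audit the TXT strings published at one domain for SPF (RFC 7208).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists"}  # each costs one DNS lookup
LOOKUP_LIMIT = 10                                       # RFC 7208, section 4.6.4
ALL_VERDICTS = {
    "-": ("ok", "-all: unlisted senders get a hard fail"),
    "~": ("weak", "~all: unlisted senders only softfail, handling is up to the receiver"),
    "?": ("fail", "?all: unlisted senders are neutral, nothing is blocked"),
    "+": ("fail", "+all: every host is authorized to send for the domain"),
}


def audit_spf(txt_records):
    """Return (verdict, findings) for the TXT strings found at one domain."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "fail", ["no SPF record published"]
    if len(spf) > 1:
        return "fail", ["multiple SPF records: receivers return permerror"]

    lookups, all_qualifier, redirect = 0, None, False
    for term in spf[0].lower().split()[1:]:
        if term.startswith("redirect="):
            redirect = True
            continue
        qualifier = term[0] if term[0] in "+-~?" else "+"  # default qualifier is "+"
        name = term.lstrip("+-~?").split(":")[0].split("/")[0]
        if name == "all":
            all_qualifier = qualifier
            break  # mechanisms after "all" are never evaluated
        if name in LOOKUP_TERMS:
            lookups += 1
    if redirect and all_qualifier is None:
        lookups += 1  # redirect= is only followed when there is no "all"

    if lookups > LOOKUP_LIMIT:
        return "fail", [f"{lookups} DNS-lookup terms exceed the limit of {LOOKUP_LIMIT}"]
    if all_qualifier is not None:
        verdict, note = ALL_VERDICTS[all_qualifier]
        return verdict, [note]
    if redirect:
        return "delegated", ["policy comes from the redirect= target; audit that record"]
    return "fail", ["no all mechanism: unlisted senders are neutral"]


if __name__ == "__main__":
    # Constructed sample records; example.net is a placeholder domain.
    for record in ("v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
                   "v=spf1 mx ~all", "v=spf1 a mx +all"):
        print(record, "=>", audit_spf([record]))
```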
Microsoft has its own version of SPF called “Sender ID”. To configure Sender ID in Exchange, click the links under the version of Exchange you are using:
- Exchange 2003:
- Exchange 2007:
- Exchange 2010 & 2013:
- Exchange 2013, 2016 & Office 365:
For information on making your domain more secure for either Google Apps/GSuite or Barracuda, please see the links below:
- Google Apps/GSuite: