Can An Attacker Send Mail As You?
It may seem obvious that only you can send emails from your address, but in fact, email is shockingly insecure by default. Just as nothing stops you from mailing a letter with a false return address, without appropriate configuration it may be entirely possible for an attacker to impersonate your email. We check for SPF, DKIM, and DMARC records that determine whether an attacker can convincingly spoof your domain to your own staff, your customers, and your suppliers. Misconfiguration here is endemic. Where your authentication is incomplete, we set out a practical path to enforcement rather than simply flagging the gap - such as addressing overly permissive SPF records, or moving DMARC from monitoring to quarantine to reject without breaking legitimate mail, and using aggregate reporting to find the sending services you had forgotten along the way.