Look up your DMARC record and analyse the policy, reporting addresses, and subdomain policy. See if spoofed emails are being monitored, quarantined, or rejected.

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting and Conformance) tells receiving mail servers what to do when an email fails SPF and DKIM checks. Without DMARC, servers have no instructions for handling spoofed emails from your domain.

The three policy levels are: none (monitor only), quarantine (send to spam), and reject (block entirely). Starting with "none" and reviewing aggregate reports (rua) before moving to stricter policies is a common deployment path.

DMARC Record Checker

What is DMARC?