Security Check
Free Email Authentication Check
Check your domain SPF, DKIM, and DMARC configuration in seconds. See whether your domain can currently be spoofed for phishing email and get specific fixes to close the gap.
Check email authentication →What's Checked
- SPF record presence, syntax, and lookup count
- DKIM record detection (common selectors)
- DMARC policy level (none / quarantine / reject)
- DMARC alignment check (strict vs relaxed)
- Subdomain DMARC coverage (sp= tag)
- DMARC reporting address configuration
- Email spoofing risk assessment
- Step-by-step remediation guidance
The most exploited misconfiguration in UK businesses
Most UK business domains can currently be spoofed for phishing email. Criminals know this. Business email compromise — where attackers forge your domain to defraud your clients — costs UK businesses hundreds of millions of pounds each year.
The fix is technical and permanent. Implement SPF to list authorised senders. Enable DKIM to cryptographically sign your messages. Enforce DMARC to reject spoofed emails. VP Shield shows you exactly where you stand right now, and what to fix first.
Common Questions
- What does email authentication protect against?
- Email authentication — SPF, DKIM, and DMARC working together — prevents attackers from sending email that appears to come from your domain. Without it, anyone can forge your domain in the From: address of phishing emails targeting your clients, suppliers, or staff.
- My domain has SPF. Does that mean I am protected?
- SPF alone is not sufficient. SPF checks the envelope sender, not the From: header that email clients display. An attacker can pass SPF while still forging your From: address. You need DMARC at p=quarantine or p=reject to prevent this.
- What does p=none DMARC mean?
- A DMARC record with p=none provides no protection — it is monitor-only mode. Spoofed emails are still delivered to recipients. The only benefit is the aggregate reports you receive showing who is sending as your domain. Move to p=quarantine then p=reject once you have reviewed your mail flows.
Run a free domain security scan
VP Shield checks DNS, TLS, email authentication, security headers, and subdomain takeover risk for any domain. Free, no login, two minutes.
Related Services
Free DNS Hygiene Check
Instantly check your domain DNS configuration for dangling CNAMEs, missing CAA records, nameserver consistency issues, and other misconfigurations that expose your organisation to attack.
Check your DNS →Free TLS & SSL Grade Check
Check your domain TLS configuration and get an SSL Labs-equivalent grade. Identifies weak cipher suites, deprecated protocol versions, certificate issues, and missing HSTS.
Check your TLS grade →Free HTTP Security Headers Check
Check your website HTTP security headers — CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy — and get a Mozilla Observatory-equivalent grade with specific recommendations.
Check security headers →