Free.Scan. Assess. Secure.
Is my domain protected from spoofing?
Clear results in seconds
SPF and DMARC status at a glance — plus actionable recommendations.
SPF (Sender Policy Framework)
Define Who Can Send on Your Behalf
SPF lets domain owners specify which mail servers are allowed to send on their behalf. It's the first layer of protection against spoofing.
DMARC (Domain-based Message Authentication, Reporting & Conformance)
Take Control of Spoofed Emails
DMARC tells mail servers how to handle unauthenticated emails — quarantine them, reject them, or report on them.
Know your exposure before someone else does
Spoofed emails from your domain undermine trust, enable phishing, and create compliance risk. A quick check gives you the clarity you need to prioritize fixes.
SpoofCheck — Frequently Asked Questions
Email spoofing is when an attacker sends emails that appear to come from your domain without authorization. It enables phishing campaigns, business email compromise (BEC), and brand impersonation attacks. SPF and DMARC records are the primary defenses.
SpoofCheck analyses your domain's SPF and DMARC DNS records. It identifies misconfigurations that leave your domain open to spoofing.
Yes. SpoofCheck is completely free and requires no account or login. Simply enter your domain and you'll have results in seconds.
DMARC tells receiving mail servers what to do with emails that fail SPF checks — either quarantine them or reject them. Without a DMARC policy, attackers can send emails impersonating your domain and they'll reach inboxes.
Common SPF problems include too many DNS lookups (10-lookup limit), overly permissive records (e.g., +all instead of ~all or -all), or missing sending sources. SpoofCheck surfaces these with remediation guidance.
Insights & Solutions That Protect What Matters
Explore expert whitepapers and discover tools like AtumSeal that keep your sensitive data safe.
Need to
Send
Confidential
Notes
Securely?
Send a self-destructing note — no login required. Trusted by MSSP & Private Equity teams.
Spoofing Update
Six months after revealing that most mid-market private equity (PE) firms and their portfolio companies were vulnerable to email domain spoofing, Atumcell took another look. Despite scattered improvement, the threat remains pervasive.
Web App Penetration Testing
Portfolio companies are rapidly adopting web apps, which create serious security risks. These apps require penetration testing to mitigate risks for portfolio companies, customers, and investors.
Driving Portfolio-wide Value with Cybersecurity
Private equity firms can achieve a high ROI on cybersecurity spending. To do so they need a pragmatic, measurable, and sustained approached. This five-step roadmap shows the way.
Domain Spoofing: A Widespread Risk at PE Firms & Portfolio Companies
55 percent of mid-market PE firms and portfolio companies are vulnerable to domain spoofing, which enables phishing. No firm is fully protected across its portfolio. We've ranked the top 20 firms based on their level of protection.
A Pragmatic Guide to OT Cybersecurity in 2025
Beginning an Operational Technology (OT) cyber security journey can feel overwhelming. This guide lays out a straightforward roadmap to help make tangible progress in a reasonable timeframe.
Losing Ford Millions, With Just Four Lines Of Code
An Atumcell Red Team developed and deployed a rogue micro-controller to demonstrate Ford's vulnerability to cyber/physical attack