Evaluation of SPF and DMARC extentions

Sending forged emails by taking advantage of domain spoofing is a common technique used by attackers. The lack of appropriate email anti-spoofing schemes or their misconfiguration lead to successful phishing attacks or spam dissemination. Here, we evaluate the adoption of the SPF and DMARC security extensions by domains and analyze spoofing possibilities enabled by the absence or misconfigurations of their rules.

Have you configured SPF correctly?

Enter your domain name here. We will check if the SPF of domain is correctly configured. The service will evaluate your SPF by simulating the check_host function described in RFC 7208. it shows you the current state of the SPF for your domain and possible reason(s) in case of misconfiguration.


We describe our findings in greater detail in the following publication:

Any question? Contact us!

If you want to find out more about our project, or if you have any question/comment, please write to us: maciej [dot] korczynski [a_t] univ-grenoble-alpes [dot] fr


This work has been carried out in the framework of the COMAR project funded by SIDN, the .NL Registry and AFNIC, the .FR Registry. It is also partially funded by the IDEX Université Grenoble Alpes "Initiative de Recherche Scientifique" within the framework of the PrevDDoS project and by the Grenoble Alpes Cybersecurity Institute CYBER@ALPS.