DMARC Reject Blocks Spoofing Attempt on Personal Domain

July 16, 2025

A spoofing attempt on my domain was blocked by DMARC, demonstrating the importance of DMARC, DKIM, and SPF.

Email Security
Email Security
1
min read
DMARC Reject Blocks Spoofing Attempt on Personal Domain

Received a spoofing attempt on my personal domain, but thanks to a strict DMARC policy set to reject, the email was blocked. Despite successfully passing Yahoo’s spam filters, it was still rejected.

The delivery error notification revealed the recipient and subject line of the attempted spoof.

DMARC, DKIM, and SPF are critical protocols to prevent TAs from impersonating legitimate individuals and businesses.

Scams
Email Deliverability
Phishing
Email Security
Cyber Security
Related posts
All posts
Google.com Scam Sent via Gmail API - DMARC Passed, No Account Compromise

A scam email sent from @google.com passed SPF, DKIM, and DMARC without a compromised account. Here’s what it reveals about modern email threats.

Google.com Scam Sent via Gmail API - DMARC Passed, No Account Compromise
Email Security
When Vendors Control Your DNS: A Hidden DMARC Security Risk

A real-world example of how third-party DNS control can silently block DMARC visibility, redirect domain telemetry, and introduce serious email security and data exposure risks.

When Vendors Control Your DNS: A Hidden DMARC Security Risk
Email Security
2.3 million emails. One exposed API key. $10K bill.

How DMARC forensics exposed an API key leak, 2.3M unauthorized emails, and a $10K bill.

2.3 million emails. One exposed API key. $10K bill.
Email Security