DMARC Reject Blocks Spoofing Attempt on Personal Domain

July 16, 2025

A spoofing attempt on my domain was blocked by DMARC, demonstrating the importance of DMARC, DKIM, and SPF.

Email Security
Email Security
1
min read
DMARC Reject Blocks Spoofing Attempt on Personal Domain

Received a spoofing attempt on my personal domain, but thanks to a strict DMARC policy set to reject, the email was blocked. Despite successfully passing Yahoo’s spam filters, it was still rejected.

The delivery error notification revealed the recipient and subject line of the attempted spoof.

DMARC, DKIM, and SPF are critical protocols to prevent TAs from impersonating legitimate individuals and businesses.

Scams
Email Deliverability
Phishing
Email Security
Cyber Security
Related posts
All posts
Coordinated Subdomain Takeover Campaign Targeting US Universities

Attackers are hijacking abandoned .edu subdomains via orphaned CNAME records, serving spam under trusted university domains and exploiting SEO authority.

Coordinated Subdomain Takeover Campaign Targeting US Universities
Email Security
Cloudflare's DMARC Documentation Exposed an Unregistered Domain And Dozens of Organizations Paid the Price

How an unregistered domain in Cloudflare's DMARC documentation silently exposed infrastructure data from dozens of organizations.

Cloudflare's DMARC Documentation Exposed an Unregistered Domain And Dozens of Organizations Paid the Price
Email Security
FinTech AccessPay Exposed Internal Email Infrastructure Data for Years

A misconfigured DMARC record sent sensitive email infrastructure data to an unregistered domain, creating a long-term exposure risk.

FinTech AccessPay Exposed Internal Email Infrastructure Data for Years
Email Security