ShieldReport
HomeWhat We CheckToolsWikiCompareRoadmapPricingBlogSign InRun Free Scan
Run Scan
HomeWhat We CheckToolsWikiCompareRoadmapPricingBlogSign In
← Back to Wiki

DNS Misconfiguration (Missing SPF/DMARC)

medium
CWE-350DNS Security

What is DNS Issues?

Missing or misconfigured SPF, DKIM, and DMARC records allow attackers to send emails that appear to come from your domain, enabling phishing and business email compromise.

How it works

Without SPF records specifying authorised mail servers, DKIM signatures for email integrity, and DMARC policies for enforcement, anyone can forge emails appearing to come from your domain.

Impact

Email spoofing, phishing attacks targeting customers and employees, business email compromise (BEC) fraud, and domain reputation damage.

How ShieldReport detects this

ShieldReport queries DNS records for SPF, DKIM, and DMARC configuration, validating policy strength and identifying common misconfigurations.

How to fix it

Configure SPF with all authorised sending IPs. Implement DKIM signing for email integrity. Set DMARC policy to at least p=quarantine, progressing to p=reject.

Tags

dnsemailspfdmarcphishing

Is your site vulnerable to DNS Issues?

Run a free scan to find out in under 2 minutes.

Scan Now
ShieldReport

Website security scanning and reporting for developers, teams, and agencies.

ShieldReport - Security reports done in minutes which developers understand | Product Hunt

Product

  • Free Security Scan
  • What We Check
  • Pricing
  • Sample Report

Resources

  • Security Blog
  • FAQ
  • Website Security Checklist
  • CSP Guide

Topics

  • Security Headers
  • TLS Configuration
  • OWASP Top 10
  • Vulnerability Scanning

© 2026 ShieldReport. All rights reserved.

Run Free ScanPricingBlogSitemapRSS Feed