Find out in seconds. We check your SPF, DMARC, and DKIM records and give you a plain-English score plus exactly what to fix.
Email was invented before anyone thought about spoofing. The "From" field on an email is a suggestion — anyone can put anything there. SPF, DMARC, and DKIM are three DNS records you publish that tell the receiver "here's how to verify a real message from us." Without them, anyone can send mail claiming to be from your domain — and your staff, parents, and donors have no way to tell.
A list of servers allowed to send mail for your domain. If a message arrives from a server NOT on the list, the receiver knows something is off. Ends with `-all` (strict) or `~all` (soft fail).
Tells receivers what to DO when SPF or DKIM fails: ignore (`p=none`), junk it (`p=quarantine`), or block it (`p=reject`). This is the one that actually stops spoofing.
A cryptographic signature on every message you send. Receivers verify the signature with a public key in your DNS. Proves the message really came from you and wasn't tampered with in flight.
A free TSNC account gives you unlimited scans plus weekly monitoring of your school's domain. We alert you the moment a misconfiguration appears.