How to Check If a Domain Can Be Spoof

  • Author: Blessing I. Paul

  • Last Update On: 11-Apr-2023 02:45:56am

  • Category: Education, Ethical Hacking, Technology

  • Topic: Operating System

How to Check If a Domain Can Be Spoof

With Dmarc record, you can check if a domain can be spoof or not. In this guide you learn that using Kali Linux OS. So, you must have basic knowledge of Linux command in order to use this tool. Having said that, let get started.

What is Dmarc record?

DMARC is a standard mail verification convention that's planned to allot e-mail space proprietors, the control to spare their regarded spaces from unauthenticated employments which are moreover known as spoofing of mailSo, to check whether the space is powerless to e-mail spoofing we have a mechanized scanner apparatus named as SpoofThatMailSpoofThatMail apparatus can check the single space as well as the bunch of spaces at the same time. This tool is fully mechanized and created within the Straightforward Bash script. The most include of this tool is that it checks for the DMARC record of the target space (domain).

SpoofThatMail Tool installation on the Kali Linux operating system. 

        1.  Run the following command to install the tool on your Kali Linux operating system.

 git clone


       2.  To move into the tool's directory, run the following command. To run the tool, you must move inside the directory.    

cd SpoofThatMail

 3. Grant the permissions of the file by using the below command.

sudo chmod 777 


4.   Run the command below to run the tool.

 ./ -h

This will open the tool menu for you.

Using the Kali Linux OS and the SpoofThatMail tool now.

  Method 1: Usage on a single domain, run the command below and replace the domain with yours 

 ./ -d 

From the output, you can see the dmarc record was not found, might be likely vulnerable.
NOTE: Be vulnerable does not mean it can't spoof, what if the email does not deliver inbox? Or what if other record like spf, dkim, ptr and all that was not set on the domain?

  Method 2: Usage on multiple domains

./ -f list_domains.txt

Note that we have used the domain’s file in the -f tag. Tool source please check GitHub


My next post will teach you how to use dmarc record to protect a domain/email from spoofing. If you like this article, please let me know in the comment section. You can also share with your friends and subscribe for more content like this. Thanks for reading J

  • Views 524 |

  • Comments |

  • likes

Please like and share our post on:

Comment section is On for this post

About Author

Blessing I. Paul

Blessing I. Paul

Super Admin, Founder, Admin, & Contributor

Blessing Ikechukwu, Paul, is the CEO/Manager of Blomset Drive Technologies, also the founder of this website (

He's a full stack web developer, digital marketing consultant & SEO analyst, computer security personnel and more, with more than 7+ years' experience. For hire you can contact him. You can check more of his blog post. Follow him on LinkedIn, Twitter and Facebook.

Total Comment: ()

Drop a comment below: