Domain abused for email spoofing

General Email Routing
1

Hello,

is there any way to stop email spoofing while using Cloudflare emails feature?

2

Yes, there are steps you can take to help prevent email spoofing when using Cloudflare’s email features. Here are some things to consider:

  1. Enable DKIM and SPF - These are email authentication protocols that can help prevent email spoofing. DKIM (DomainKeys Identified Mail) signs outgoing emails with a digital signature that can be verified by the recipient’s email server, while SPF (Sender Policy Framework) specifies which servers are authorized to send emails for your domain. Both of these can be configured through your DNS records on Cloudflare.
  2. Use DMARC - DMARC (Domain-based Message Authentication, Reporting, and Conformance) is another email authentication protocol that can help prevent spoofing. It builds on DKIM and SPF by allowing you to specify how your domain should handle emails that fail authentication checks. By setting up DMARC, you can instruct email servers to reject or quarantine emails that fail authentication checks.
  3. Use a dedicated email service - Cloudflare’s email features are designed to be lightweight and easy to use, but they may not provide the level of security and anti-spoofing measures that you need for your business. Consider using a dedicated email service that offers more advanced security features, such as Microsoft 365, Google Workspace, or ProtonMail.
  4. Educate your users - Email spoofing can also occur when users fall for phishing scams or other social engineering attacks. Educate your users on how to spot and avoid these types of attacks, and encourage them to report suspicious emails.

By taking these steps, you can help prevent email spoofing and ensure that your email communications are secure and trustworthy.

2 Likes
4

hello thank you for the reply
Cloudflare mails added SPF record but i don’t see any DKIM, however added the DMARC record i’ll see how that goes… thanks for helping

5

… Considering your thread title, “Domain abused for email spoofing”:

What kind of spoofing is it that you do (believe you) see, which you would like (to try) to prevent?

Could you by any chance share some examples of that?

6

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.