WebX Auditor

DMARC record published (anti-spoofing)

The domain should publish a DMARC policy at _dmarc.<domain> so spoofed mail is quarantined or rejected and the department receives abuse reports. Strongly recommended by Indian government email-security guidance.

Security RFC 7489 (DMARC) Advanced Security Audit
In short

No DMARC record found — the domain is spoofable in phishing campaigns. This check is fully automated — the scanner returns a definitive pass or fail.

How to fix it

Publish a TXT record at _dmarc.<domain> beginning with "v=DMARC1" and a policy of "p=quarantine" or "p=reject" (p=none only monitors). Include an "rua=" mailbox for aggregate reports.

Standards this maps to

Frameworks that require this

Advanced Security Audit

Severity

warning — an important issue to address.

Scans this and 300+ other checks across accessibility, SEO, security & speed — first audit free.

Related checks

Contingency Management PlanData ProtectionSQL Injection ProtectionXSS Protection (CSP preferred over X-XSS-Protection)CSRF Token ValidationSecure File UploadInput ValidationTLS 1.2+ EnforcementSecurity Headers CSP and HSTSCookie Security Flags