If your business uses Microsoft 365 for email, here is how to enable the three anti-spoofing protections, step by step.
In your DNS zone, add (or complete) a TXT record on your domain:
v=spf1 include:spf.protection.outlook.com -all
If you also send email through other services (newsletter, CRM), add their "include" entries before the -all.
In the Microsoft Defender portal (security.microsoft.com) → Email & collaboration → Policies & rules → DKIM. Select your domain, then enable DKIM. Microsoft gives you two CNAME records (selector1._domainkey and selector2._domainkey) to add to your DNS, then you turn on signing.
Add a TXT record on _dmarc.yourdomain.com. Start in monitoring mode:
v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com
After a few weeks with no issues, move to p=quarantine, then p=reject for maximum protection.
Enter your domain: we test your SPF, DKIM, DMARC and website, and give you the exact action plan.
Run the free check