Email Security Test Domain

📧 Why did I receive an email from this domain?

This domain is part of the Net Reaction Small Business Security email configuration testing service.

Someone at your organization requested an Email Security Test, which sends a series of test emails to verify that your email provider is properly filtering malicious messages.

✅ If you're reading this on our website

You probably searched for this domain after your email server correctly rejected our test email. That's the right behavior! Your DMARC enforcement is working.

🔍 What does this test check?

Test #3: DMARC Policy Enforcement

This is the most critical email authentication test. It checks whether your email provider honors DMARC reject policies.

This domain has a strict DMARC policy (p=reject) that explicitly tells receiving servers: "If an email fails authentication, reject it completely - don't even put it in spam."

🚨 If you received this email ANYWHERE (inbox OR spam):

Your email provider is IGNORING DMARC reject policies. This is a critical security gap. Attackers can spoof emails from banks, vendors, and business partners who use DMARC, and those emails will reach your users.

🛠️ How to fix this

If this email reached you at all (inbox OR junk folder), this is a critical issue requiring immediate attention:

  1. This is a critical finding: DMARC reject policies are the strongest form of email authentication. If your provider ignores them, sophisticated phishing attacks will succeed.
  2. For Microsoft 365: Check that "Honor DMARC record policy" is enabled in Anti-spam policies. Go to Microsoft 365 Defender → Email & collaboration → Policies → Anti-spam → Anti-spam inbound policy.
  3. For Google Workspace: DMARC enforcement is automatic in Google Workspace. If this test failed, contact Google support immediately as something may be misconfigured.
  4. For on-premises Exchange: Your email gateway or spam filter needs configuration updates to honor DMARC policies. Check your edge transport rules and anti-spam solution settings.
  5. Consider migrating if necessary: If your current email solution cannot honor DMARC reject policies, this is a fundamental security limitation. Strongly consider migrating to a compliant platform.

📚 What is DMARC?

DMARC (Domain-based Message Authentication, Reporting & Conformance) ties together SPF and DKIM and tells receivers what to do when authentication fails:

  1. Three policy levels: p=none (monitor only), p=quarantine (send to spam), p=reject (block completely)
  2. Reject means reject: When a domain publishes p=reject, they're saying: "We have robust authentication. If an email fails, it's NOT from us - reject it."
  3. Major senders use reject: Banks, payment processors, and major companies use p=reject to protect their customers from phishing.
  4. Ignoring reject = major vulnerability: If your email provider ignores reject policies, attackers can perfectly spoof emails from protected domains.

Our test domain's DMARC record:

_dmarc.sillyplatypus.com TXT "v=DMARC1; p=reject; aspf=s; adkim=s"

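This says: "Reject any email that fails authentication. No exceptions." The aspf=s and adkim=s tags set strict alignment: the domain that passed SPF or DKIM must exactly match the domain in the From address, and a subdomain does not count.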
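
How a receiving server applies the record above to an incoming message, as an added example that is not code from this page or from the testing service. The function names, the sample domains other than sillyplatypus.com, and the shortcut of treating the last two labels as the organizational domain are assumptions; the pct= and sp= tags are not handled.

```python
# Added example: how a receiver evaluates a message against a DMARC record.
# Assumption: organizational domain = last two labels (real receivers use the
# Public Suffix List). The pct= and sp= tags are not handled.
PAGE_RECORD = "v=DMARC1; p=reject; aspf=s; adkim=s"  # record quoted on this page

def parse_dmarc(txt):
    """Parse a DMARC TXT value into tags; alignment defaults to relaxed ('r')."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    tags["p"] = tags.get("p", "").lower()
    if tags["p"] not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= tag")
    for key in ("aspf", "adkim"):
        tags[key] = tags.get(key, "r").lower()
    return tags

def org_domain(domain):
    """Simplified organizational domain: the last two labels (assumption)."""
    return ".".join(domain.split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') the same org domain."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def evaluate(record, from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """Return (dmarc_pass, disposition) for one message."""
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(spf_domain, from_domain, tags["aspf"])
    dkim_ok = dkim_pass and aligned(dkim_domain, from_domain, tags["adkim"])
    if spf_ok or dkim_ok:  # one aligned pass is enough for DMARC to pass
        return True, "deliver"
    return False, {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[tags["p"]]

if __name__ == "__main__":
    # Constructed sample messages, all with From: sillyplatypus.com
    cases = [
        ("SPF passes for another domain", True, "bounce.example.net", False, ""),
        ("SPF passes for a subdomain", True, "mail.sillyplatypus.com", False, ""),
        ("DKIM passes, d= matches From", False, "", True, "sillyplatypus.com"),
    ]
    for label, *auth in cases:
        print(label, "->", evaluate(PAGE_RECORD, "sillyplatypus.com", *auth))
```

The second case is the one strict alignment changes: the same message passes under a record without aspf=s, because relaxed alignment accepts a subdomain of the From domain.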