Getting Started with SpoofWard

This guide will walk you through the essential first steps to get your domain protected with SpoofWard. You'll be monitoring email authentication within 15 minutes.

Step 1: Create Your Account

Visit SpoofWard.com and click "Get Started Free."

  • Enter your email address
  • Create a strong password
  • Verify your email address (check your inbox for a verification link)
  • You're all set! Your account is ready to use.
Tip

Use your organizational email (not personal email) to make it easier for team members to find and join your organization later.

Step 2: Create Your Organization

After signing up, you'll be prompted to create your first organization:

  • Enter your organization name
  • Verify that you own at least one domain
  • Select your industry (optional but helps with recommendations)

Your organization is the container for all your domains, team members, and settings.

Step 3: Add Your First Domain

Click "Add Domain" in the dashboard and enter your domain name (e.g., example.com).

Important: You must be able to add DNS TXT records to verify domain ownership.

Domain Verification

SpoofWard provides a DNS verification string. To verify:

  1. Log in to your DNS provider (GoDaddy, Cloudflare, Route 53, etc.)
  2. Create a new TXT record in your domain's DNS
  3. Copy the verification string from SpoofWard
  4. Paste it as the record value
  5. Save the DNS record
  6. Return to SpoofWard and click "Verify Domain"

Verification usually completes within 5 minutes (sometimes up to 24 hours if DNS is slow to propagate).

DNS Verification

Don't have direct DNS access? You can authorize team members or use SpoofWard's Hosted DNS service (Pro plan) to simplify management.

Step 4: Configure DMARC Reporting

DMARC reports are the foundation of SpoofWard's intelligence. You must point your DMARC reports to SpoofWard to receive monitoring data.

Set Your DMARC Record

In your DNS provider, create or update your DMARC record (usually at _dmarc.example.com):


v=DMARC1; p=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1

Key fields:

  • p=none - Start in monitoring mode (no enforcement yet)
  • rua=mailto:[email protected] - Aggregate report address (required)
  • ruf=mailto:[email protected] - Forensic report address (optional but recommended)
  • fo=1 - Report on DMARC failures
Important

If you already have a DMARC record, update the rua/ruf addresses to point to [email protected] instead of replacing the entire record. Preserve any existing policy and settings.

Wait for Reports

DMARC reports are sent once daily by receiving mail servers. Allow 24-48 hours for the first reports to arrive. During this time, SpoofWard will show "No reports yet" - this is normal.

Step 5: Review Your Security Score

Once reports arrive, navigate to your domain dashboard. You'll see:

  • DMARC Compliance Score - Percentage of email passing authentication (goal: 100%)
  • SPF Status - Green (passing) or red (issues)
  • DKIM Status - Green or red for all DKIM keys
  • DNS Health - Overall DNS record validation
  • Threat Summary - Count of suspicious/blocked senders

Your dashboard updates daily as new DMARC reports arrive.

Step 6: Explore the Dashboard

Domain Overview

The overview shows:

  • Authentication stats (Pass/Fail/Neutral)
  • Top senders by volume
  • Top IPs sending from your domain
  • Policy enforcement status
  • Compliance timeline

Click any sender to see detailed information about their email patterns and authentication status.

Sender Discovery

Under "Email Sources," SpoofWard lists all senders found in your DMARC reports:

  • Legitimate Senders - Services you authorized (green)
  • Unknown Senders - Need investigation (yellow)
  • Blocked Senders - Marked as suspicious (red)

Click each sender to:

  • Verify it's legitimate
  • Check SPF/DKIM alignment
  • Block suspicious sources
  • Add notes for your team

DNS Records

View your current DMARC, SPF, DKIM, MTA-STS, and BIMI records with validation status. If records are missing or invalid, SpoofWard highlights them and suggests fixes.

What's Next?

Congratulations! You're now monitoring your domain's email security. Here are recommended next steps:

  1. Authorize Senders - Review discovered senders and mark as legitimate or suspicious
  2. Review Reports - Check the "DMARC Reports" section to understand authentication patterns
  3. Strengthen SPF - Use the SPF Builder tool to create a properly formatted SPF record
  4. Check DKIM - Use the DKIM Checker tool to validate your DKIM keys
  5. Plan Enforcement - When you're ready, follow the DMARC Enforcement Roadmap to safely transition to p=quarantine and p=reject
Invite Your Team

Click "Team" in the left menu to invite colleagues. Assign roles (Owner, Admin, Analyst, Viewer) based on what they need to do.

Troubleshooting

Domain verification failed?

  • Double-check the DNS record value (it's case-sensitive)
  • Verify you're adding the TXT record to the correct domain
  • Wait a few minutes and try again (DNS propagation takes time)

No DMARC reports showing up?

  • Confirm your DMARC record has rua=mailto:[email protected]
  • Send yourself a test email and wait 24-48 hours
  • Check your DMARC record is at _dmarc.yourdomain.com, not elsewhere

Can't see team members' data?

  • Check your user role - Viewers have read-only access
  • Admins and Owners can manage permissions
  • You must be part of the same organization
Need Help?

Check out more detailed guides on specific topics, or contact our support team. We're here to help!

Your domain is being tested right now.
Are you watching?

Protect your brand and improve deliverability — automatically, with continuous monitoring and alerts.

Start Free — No Credit Card View Pricing →