Introducing PostScale -- email API for transactional, inbound, and masked addresses. PostScale

    Stop Email Spoofing: Secure Your Domain in 5 Minutes

    Published on January 09, 2026

    Protect your domain from phishing attacks with SPF, DKIM, and DMARC records. Learn how to set them up on DNScale in minutes via dashboard or API.

    Anyone can send an email pretending to be you.

    Right now, someone could send an email from ceo@yourdomain.com asking your accountant to wire money. Without email authentication, your mail server has no way to flag it as fake.

    This isn't theoretical. Business Email Compromise scams cost organizations billions annually. And it starts with email spoofing.

    The fix? Three DNS records. A few minutes of setup.

    The Problem

    Most domains have no email authentication. This means:

    • Attackers can send phishing emails appearing to come from your domain
    • Your legitimate emails may land in spam
    • Your brand reputation is at risk

    Check yours: MXToolbox DMARC Check

    If you see "No DMARC record found" ā€” you're vulnerable.

    The Solution: SPF + DKIM + DMARC

    SPF lists which servers can send email for your domain. If an email comes from an unauthorized server, receivers know it's suspicious.

    DKIM cryptographically signs your emails. Receivers verify the signature using a public key in your DNS, proving the email wasn't tampered with.

    DMARC tells receivers what to do with emails that fail SPF or DKIM: monitor, quarantine, or reject.

    Together: "Only these servers can send as us, here's our signature to prove it's real, and reject anything that doesn't check out."

    Setup via Dashboard

    Step 1: Add SPF Record

    1. Log in at dnscale.eu
    2. Select your domain
    3. Click Add Record
    4. Configure:
      • Name: (leave empty)
      • Type: TXT
      • Content: v=spf1 include:_spf.google.com ~all
      • TTL: 3600

    Replace the include with your email provider. Microsoft 365: include:spf.protection.outlook.com

    Step 2: Add DKIM Record

    1. Get your DKIM public key from your email provider:
      • Google Workspace: Admin Console ā†’ Gmail ā†’ Authenticate email
      • Microsoft 365: Defender ā†’ DKIM settings
      • Others: Check your provider's DNS settings page
    2. Click Add Record
    3. Configure:
      • Name: google._domainkey (or your provider's selector)
      • Type: TXT
      • Content: v=DKIM1; k=rsa; p=MIIBIjAN... (your public key)
      • TTL: 3600

    Step 3: Add DMARC Record

    1. Click Add Record
    2. Configure:
      • Name: _dmarc
      • Type: TXT
      • Content: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com
      • TTL: 3600

    Done. Your domain now has full email authentication.

    Setup via API

    Three commands:

    export DNSCALE_API_KEY="your-api-key"
export ZONE_ID="your-zone-id"
 
# SPF
curl -X POST "https://api.dnscale.eu/v1/zones/$ZONE_ID/records" \
  -H "Authorization: Bearer $DNSCALE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name":"@","type":"TXT","content":"v=spf1 include:_spf.google.com ~all","ttl":3600}'
 
# DKIM (get your public key from your email provider)
curl -X POST "https://api.dnscale.eu/v1/zones/$ZONE_ID/records" \
  -H "Authorization: Bearer $DNSCALE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name":"google._domainkey","type":"TXT","content":"v=DKIM1; k=rsa; p=YOUR_PUBLIC_KEY","ttl":3600}'
 
# DMARC
curl -X POST "https://api.dnscale.eu/v1/zones/$ZONE_ID/records" \
  -H "Authorization: Bearer $DNSCALE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name":"_dmarc","type":"TXT","content":"v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com","ttl":3600}'

    Verify It Works

    Send a test email to Gmail, then click the three dots ā†’ "Show original". Look for:

    • spf=pass
    • dkim=pass
    • dmarc=pass

    All three passing? You're protected.

    What's Next

    You've deployed with p=none (monitor mode). This lets you:

    1. Collect reports for 2-4 weeks
    2. Identify legitimate services you missed
    3. Fix issues before enforcing

    Then gradually tighten:

    • p=quarantine ā€” suspicious emails go to spam
    • p=reject ā€” fake emails are blocked

    For the complete reference including DKIM key rotation and advanced configurations, see our Email Security Guide.

    Why DNScale

    • Fast setup ā€” Dashboard or API, your choice
    • Instant propagation ā€” Changes go live in seconds
    • EU-based ā€” Your DNS data stays in Europe
    • No lock-in ā€” Standard DNS, export anytime

    Email authentication is one of the highest-impact security improvements you can make. Three records, full protection.

    Get started free and secure your domain today.