Domain spoofing

Domain spoofing is faking a trusted domain, in a website URL or an email sender address, to make fraudulent content appear to come from a legitimate brand.

How it works

There are two main flavours. Website spoofing uses a lookalike domain to host a copy of your site. Email spoofing forges the "From" address so messages appear to come from your domain. The email kind is preventable with SPF, DKIM, and DMARC, but only when those records are correctly enforced.

How it relates to brand impersonation

Domain spoofing is how attackers borrow your identity at scale. It underpins phishing, business email compromise, and fake-invoice fraud, all forms of brand impersonation that exploit the trust attached to your domain.

How nebty helps

nebty monitors for the lookalike domains used to spoof your brand and can take spoofing infrastructure down on demand, complementing your own SPF, DKIM, and DMARC hardening.

Website spoofing versus email spoofing

It helps to separate the two things people mean by domain spoofing, because the defences differ. Website spoofing hosts a copy of your site on a lookalike domain, and the answer is monitoring plus a takedown of the offending domain. Email spoofing forges the From address so a message appears to come from your domain, and the answer there is email authentication: SPF lists who may send for you, DKIM signs the message, and DMARC tells receivers what to do when those checks fail. With DMARC set to reject, direct spoofing of your exact domain largely stops, which simply pushes attackers onto lookalike sender domains instead. So the two defences are complementary: authentication closes your own domain, and monitoring plus takedowns handle the lookalikes attackers move to.
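A check of whether the email side is actually enforced, written as an added example and not part of nebty's own tooling. It audits the text of a DMARC record and an SPF record; the function names and the records in SAMPLES are constructed for illustration.

```python
# Added example. All records in SAMPLES are constructed, not real DNS data.

def parse_tags(record):
    """Split a DMARC TXT record into a lowercase tag -> value dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def audit_dmarc(record):
    """Return findings for a DMARC record; an empty list means fully enforced."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (v=DMARC1 missing)"]
    findings = []
    policy = tags.get("p", "missing").lower()
    if policy != "reject":
        findings.append(f"p={policy}: failing mail is not rejected")
    if "sp" in tags and tags["sp"].lower() != "reject":  # sp defaults to p
        findings.append(f"sp={tags['sp']}: subdomains are not covered by reject")
    pct = tags.get("pct", "100")  # pct defaults to 100
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct}: policy applies to only part of the mail")
    return findings

def audit_spf(record):
    """Return findings for an SPF record based on its 'all' qualifier."""
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record (v=spf1 missing)"]
    for term in terms[1:]:
        if term.lstrip("+-~?") == "all":
            qualifier = term[0] if term[0] in "+-~?" else "+"
            if qualifier == "-":
                return []
            return [f"{qualifier}all: unlisted senders are not hard-failed"]
    if any(term.startswith("redirect=") for term in terms):
        return ["redirect= in use: audit the target record instead"]
    return ["no 'all' mechanism: unlisted senders get a neutral result"]

SAMPLES = {  # name -> (DMARC record, SPF record), constructed
    "enforced": ("v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
                 "v=spf1 include:_spf.example.net -all"),
    "monitor-only": ("v=DMARC1; p=none", "v=spf1 mx ~all"),
    "partial": ("v=DMARC1; p=reject; sp=none; pct=50", "v=spf1 mx"),
}

if __name__ == "__main__":
    for name, (dmarc, spf) in SAMPLES.items():
        print(name, audit_dmarc(dmarc) + audit_spf(spf))
```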
