Parse your domain's DMARC policy, alignment settings, and reporting addresses. Flag misconfigurations that leave you vulnerable to email spoofing.
DMARC (Domain-based Message Authentication, Reporting & Conformance) ties together SPF and DKIM and tells receivers what to do when checks fail — nothing, quarantine (spam folder), or reject outright. It also lets you receive aggregate reports on spoofing attempts. Without DMARC at p=quarantine or p=reject, SPF and DKIM alone don't stop determined attackers.