Built by AuditROI | Privacy-first

Is This Sender Real, Or Spoofed?

Get an instant Trust / Caution / Nope verdict.

We only check public DNS records.

Free forever No login required We never see your emails

How It Works

Three simple steps to check if a business email can be trusted

1

Enter the Domain

Got an email from billing@company.com? Just enter "company.com" in the checker above.

2

We Check DNS Records

We instantly check SPF, DKIM, and DMARC records - the security settings that prevent email spoofing.

3

Get Your Verdict

Receive a clear Trust / Caution / Nope verdict with plain-English explanations and what to do next.

What We Check

We analyze three key email security standards - in plain English

SPF

Sender Policy Framework

Who is allowed to send email for this domain? SPF is like a guest list - it tells email servers which computers are authorized to send emails on behalf of the domain.

DKIM

DomainKeys Identified Mail

Is the email signed to prevent tampering? DKIM adds a digital signature to emails, like a wax seal on a letter - if someone changes the content, the seal breaks.

DMARC

Domain-based Message Authentication

Does the domain tell inboxes to block spoofed email? DMARC is the enforcer - it tells email providers what to do with emails that fail SPF/DKIM checks.

What the Results Mean

Clear verdicts with actionable advice

Trust

This domain has strong email authentication. It's much harder for scammers to send fake emails pretending to be from this company.

What to do:

  • • Still verify unusual requests
  • • Check sender's full email address
  • • When in doubt, call the company

Caution

This domain has partial email protection. Some security measures are in place, but it's still possible for scammers to send fake emails.

What to do:

  • • Be extra careful with this email
  • • Don't click links - go to site directly
  • • Verify by calling official number

Nope

This domain has little to no email protection. Anyone could send emails pretending to be from this company. High spoofing risk.

What to do:

  • • Do NOT trust this email
  • • Never click links or attachments
  • • Contact company via official website

When Should You Check?

Common scenarios where TrustNope can help

📄

Invoice or Payment Request

"Your invoice is attached" or "Please update your payment details" - these are classic scam emails. Check the sender's domain before paying anything.

📦

Shipping or Delivery Notice

Fake AusPost, DHL, or courier emails are everywhere. Before clicking that "track your package" link, check if the domain is legitimate.

🏦

Bank or Government Email

Emails claiming to be from your bank, the ATO, or MyGov are prime targets for spoofing. Always verify before clicking or providing information.

🔐

IT Support or Login Request

"Your account will be locked" or "Reset your password now" - these urgent requests are often fake. Check the domain before entering any credentials.

For Business Owners

Is Your Domain Showing Caution or Nope?

If your business domain isn't properly protected, customers checking their emails will see a warning - and scammers can send fake invoices using your name.

AuditROI Can Help You:

  • Properly configure SPF, DKIM, and DMARC
  • Monitor for changes and threats
  • Protect your brand from impersonation
Fix Your Email Security

Frequently Asked Questions

Is this check definitive?
TrustNope checks public DNS records for SPF, DKIM, and DMARC. While these are strong indicators of email security, no automated check can guarantee 100% safety. A "Trust" verdict means the domain is well-protected, but always verify suspicious emails through official channels.
What if it says Trust - am I safe?
A "Trust" verdict means the domain has proper email authentication, making it harder to spoof. However, it doesn't mean every email is legitimate - someone could still compromise a real account, or use a lookalike domain (like "arnazon.com" instead of "amazon.com"). Always check the actual sender address carefully.
Do you read my emails?
Absolutely not. We only check the domain's public DNS records - the same information anyone can look up. We never see, read, or store any email content. We don't even know which specific emails you're checking - only the domain name you entered.
Why is DKIM tricky to check?
DKIM records use "selectors" - unique identifiers that vary by email provider. Without knowing the selector, we can't directly verify DKIM. We check common selectors (like "google", "default", "selector1") but may miss custom ones. This is why DMARC is important - it tells us what the domain owner intended.
Is this free?
Yes, TrustNope is completely free for consumers. We want everyone to be able to check suspicious emails without any barriers. We're supported by AuditROI, which offers professional email security services for businesses.

Stay Safe Online

Check any business email domain instantly with TrustNope. Learn more about email security on our blog.

Check a Domain Read Our Blog