SpoofCheck

Email Security Analysis of croftonhouse.ca

Complete verification of croftonhouse.ca's SPF, DKIM, DMARC, and MTA-STS records. Find out if this domain is protected against email spoofing.

Last updated: April 15, 2026

40D
This domain is vulnerable to spoofing

SPF

Warning
v=spf1 ip4:146.20.113.0/24 ip4:146.20.191.0/24 ip4:159.135.224.0/20 ip4:69.72.32.0/20 ip4:104.130.122.0/23 ip4:146.20.112.0/26 ip4:161.38.192.0/20 ip4:143.55.224.0/21 ip4:143.55.232.0/22 ip4:159.112.240.0/20 ip4:198.244.48.0/20 ip4:204.220.160.0/20 ip4:141.193.32.0/23 ip4:159.135.140.80/29 ip4:159.135.132.128/25 ip4:161.38.204.0/22 ip4:87.253.232.0/21 ip4:185.189.236.0/22 ip4:185.211.120.0/22 ip4:185.250.236.0/22 ip4:143.55.236.0/22 ip4:198.244.60.0/22 include:_spf.createsend.com include:_spf.google.com include:spf.mandrillapp.com include:outboundmail.blackbaud.net ip4:208.86.168.7 ip4:135.84.68.123 ip4:135.84.79.54 ip4:206.152.14.54 ip4:184.94.119.12 ip4:103.28.42.0/24 ip4:146.88.28.0/24 ip4:163.47.180.0/22 ip4:203.55.21.0/24 ip4:204.75.142.0/24 ip4:27.126.156.0/24 ip4:184.94.119.13 ip4:184.94.119.14 ip4:23.253.183.124 ip4:66.72.37.45 ip4:69.72.44.77 ip4:69.72.38.99 ip4:69.72.34.206 ip4:69.72.32.249 ip4:143.55.227.129 ip4:146.20.191.120 ip4:146.20.191.121 ip4:146.20.191.122 ip4:146.20.191.123 ip4:146.20.191.34 ip4:146.20.191.137 ip4:159.135.232.81 ip4:166.78.71.248 ip4:166.78.70.61 ~all
Read the guide

DKIM

OK
Selectors: mandrill, mail

DMARC

Missing

No record found

Read the guide

MX

Missing

No record found

MTA-STS

Missing

No record found

Read the guide

Recommendations

  1. 1Add a DMARC record: _dmarc.yourdomain TXT "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc@yourdomain"

    Without DMARC, receiving mail servers have no way to know what to do when SPF or DKIM checks fail. Anyone can send emails pretending to be from your domain, and most servers will deliver them. DMARC with p=reject tells receivers to block unauthorized emails entirely.

  2. 2Harden your SPF by replacing ~all with -all (hardfail)

    With ~all (softfail), unauthorized senders are flagged but emails are usually still delivered. Switching to -all (hardfail) explicitly tells receiving servers to reject emails from unauthorized sources, providing much stronger protection against spoofing.

  3. 3Add MTA-STS to enforce TLS encryption for incoming emails

    Without MTA-STS, an attacker performing a man-in-the-middle attack can downgrade the connection between mail servers to plaintext, intercepting emails in transit. MTA-STS tells sending servers to only deliver via TLS with a valid certificate, preventing downgrade attacks.

Need help securing your domain?

If you're not sure how to apply these fixes, get in touch and we'll help you out.

Contact us

Run a live analysis

The results above are updated daily. For an instant check of croftonhouse.ca, run a live analysis.

Analyze croftonhouse.ca live

Guides to understand these results

SPF Guide

Understand how SPF defines which servers are authorized to send emails for a domain.

DKIM Guide

Discover how DKIM cryptographically signs your emails to guarantee their authenticity.

DMARC Guide

Learn how DMARC orchestrates SPF and DKIM to protect your domain.

MTA-STS Guide

Learn how MTA-STS enforces TLS encryption to protect your emails in transit.

SPF vs DKIM vs DMARC

Compare the three protocols and understand how they work together.