The Domain Spoofing Report turns a tenant’s Domain Spoofing scan into a white-labeled PDF you can hand to a client. It leads with whether Exchange Online Direct Send is enabled, then shows, for every custom domain in the tenant, whether SPF, DMARC, and DKIM are configured and whether the domain can be spoofed. It carries your organization’s logo and name, so it’s ready to send to the client as-is.Documentation Index
Fetch the complete documentation index at: https://docs.petrasecurity.com/docs/llms.txt
Use this file to discover all available pages before exploring further.
How to download it
- Open a tenant page and click Domain Spoofing to open the scan.
- Wait for the scan to finish (it checks Direct Send and every custom domain your tenant’s users send from).
- Click Download PDF.
{tenant}_domain_spoofing_{date}.pdf.
What’s in the report
The report opens with a cover and summary page that leads with the Direct Send finding, then dedicates one page to each domain.Cover and summary
- Enabled: Direct Send is allowed, so unauthenticated mail can spoof the domain to the tenant’s own users.
- Disabled: Exchange rejects unauthenticated Direct Send mail, so the vector is closed.
- Unknown: Petra couldn’t read the setting from Microsoft (shown as “Unable to determine direct send enablement status.”).
The report is fully white-labeled and contains findings and risk assessments only, with no vendor names, links, or remediation steps. The fixes, including the PowerShell command to disable Direct Send and links to deeper guidance, live in the product on the Domain Spoofing scan, not in the client-facing PDF.
One page per domain
Each domain gets its own page showing the overall spoofing risk, a status for SPF, DMARC, and DKIM, and for each record: what it means, the risk it creates, and the raw DNS record.
Related
- Domain Spoofing (Direct Send, SPF, DMARC, DKIM) explains every result and how to fix it.