> ## Documentation Index
> Fetch the complete documentation index at: https://docs.petrasecurity.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Domain Spoofing Report

> Download a white-labeled PDF of a tenant's spoofing exposure: whether Direct Send is enabled, plus SPF, DMARC, and DKIM posture and the spoofing risk for every domain.

The Domain Spoofing Report turns a tenant's [Domain Spoofing scan](/investigating/domain-spoofing) into a white-labeled PDF you can hand to a client. It leads with whether Exchange Online Direct Send is enabled, then shows, for every custom domain in the tenant, whether SPF, DMARC, and DKIM are configured and whether the domain can be spoofed.

It carries your organization's logo and name, so it's ready to send to the client as-is.

## How to download it

1. Open a tenant page and click **Domain Spoofing** to open the scan.
2. Wait for the scan to finish (it checks Direct Send and every custom domain your tenant's users send from).
3. Click **Download PDF**.

The file is named `{tenant}_domain_spoofing_{date}.pdf`.

## What's in the report

The report opens with a cover and summary page that leads with the Direct Send finding, then dedicates one page to each domain.

### Cover and summary

<Frame caption="The cover page of the Domain Spoofing Report">
  <img src="https://mintcdn.com/petrasecurity-7f411ce9/SHnUfeDIYpyIuq1Y/images/domain_spoofing_report_cover.png?fit=max&auto=format&n=SHnUfeDIYpyIuq1Y&q=85&s=067a4ddc8aae90d4ef016293337164f3" alt="The cover page of the Domain Spoofing Report" width="1414" height="1528" data-path="images/domain_spoofing_report_cover.png" />
</Frame>

The first page carries your logo and name, the tenant name, the scan date, the **Direct Send** finding, and a summary table listing every domain with its SPF, DMARC, and DKIM status at a glance.

<Info>
  The scan includes the domains for all users in the tenant, including guest users. Although you won't be able to modify DNS records for domains you don't own, it's still useful to know whether your guests' email domains can be spoofed.

  A guest user's email being spoofed could be a risk to your team or client if they received an email from one of those trusted domains, which is why we surface them in the scan.
</Info>

The Direct Send finding shows one of three states:

* **Enabled**: Direct Send is allowed, so unauthenticated mail can spoof the domain to the tenant's own users.
* **Disabled**: Exchange rejects unauthenticated Direct Send mail, so the vector is closed.
* **Unknown**: Petra couldn't read the setting from Microsoft (shown as "Unable to determine direct send enablement status.").

<Note>
  The report is fully white-labeled and contains findings and risk assessments only, with no vendor names, links, or remediation steps. The fixes, including the PowerShell command to disable Direct Send and links to deeper guidance, live in the product on the Domain Spoofing scan, not in the client-facing PDF.
</Note>

### One page per domain

Each domain gets its own page showing the overall spoofing risk, a status for SPF, DMARC, and DKIM, and for each record: what it means, the risk it creates, and the raw DNS record.

<Frame caption="A single domain's page in the Domain Spoofing Report">
  <img src="https://mintcdn.com/petrasecurity-7f411ce9/SHnUfeDIYpyIuq1Y/images/domain_security_report_domain_page.png?fit=max&auto=format&n=SHnUfeDIYpyIuq1Y&q=85&s=f4259e7b7586c29caeb189b9dfcab10e" alt="A single domain's page in the Domain Spoofing Report" width="1412" height="1590" data-path="images/domain_security_report_domain_page.png" />
</Frame>

## Related

* [Domain Spoofing (Direct Send, SPF, DMARC, DKIM)](/investigating/domain-spoofing) explains every result and how to fix it.
