In the ever-evolving digital age, protecting your email communications from malicious attacks has never been more crucial. Impersonation protection is a robust security layer designed to safeguard you from spoofed emails. These deceptive emails masquerade as trustworthy senders, potentially leading to phishing attacks, data breaches, or financial scams.

Protection from spoofed emails claiming to be from your own domain

With Impersonation protection enabled on your own domain, messages claiming to come from your domain will only be delivered if they meet one of the following conditions:

• The SPF verified domain of the Return-path sender matches the From sender's domain.
• The message has a valid DKIM signature and the signing domain matches the From sender's domain.
• The message is coming from a source that you have previously approved as a valid source for your domain.

Enabling Impersonation protection on your domain

To enable Impersonation protection on your domain:

1. Make sure your domain has a valid SPF record that includes the IPs authorized to send email for your domain.
2. Visit the Impersonation protection page and look for a banner similar to the following below your domain name:

3. Click on the Review button and approve any legitimate messages. If the above banner is not displayed, then no messages need to be reviewed and you can skip this step.
4. Click on the Enable button next to your domain name.

Domain aliases

If you have domain aliases configured, they will be listed below your domain name on the Impersonation protection page. Repeat the steps above for each domain alias.

Protection from spoofed emails for other domains

It is also highly recommended that Impersonation protection also be enabled for important senders that send to your domain. Add these domains under the External domains section at the bottom of the Impersonation protection page.