Email Security High Risk

Customers Are Reporting Scam Emails From My Brand

Receiving complaints about scam emails that appear to come from your store? Learn how to stop email spoofing.

Signs You Have This Problem

  • Customers forwarding suspicious emails 'from you'
  • Reports of phishing attempts using your brand
  • Questions about emails you didn't send
  • Account security concerns from customers

Impact on Your Business

  • Customer trust destruction
  • Brand reputation damage
  • Support burden increase
  • Potential legal liability

The Email Spoofing Problem

Scammers can send emails that appear to come from your domain. These emails:

  • Use your brand name
  • Mimic your email style
  • Link to phishing sites
  • Request sensitive information

Customers can’t tell they’re fake.

How Email Spoofing Works

Without proper authentication, anyone can:

  1. Set the “From” field to your address
  2. Copy your email template
  3. Send to your customers (or anyone)
  4. Direct them to malicious sites

The email arrives looking legitimate.

Immediate Steps

1. Collect Evidence

  • Get copies of the scam emails
  • Note what they’re asking for
  • Identify links in the emails
  • Document customer complaints

2. Communicate with Customers

  • Post on social media
  • Send legitimate email warning
  • Update your website
  • Provide verification guidance

3. Check Your Authentication

Use SecurEcommerce to verify:

  • SPF record exists and is correct
  • DKIM is configured
  • DMARC policy is set

4. Report the Phishing

  • Report to Google Safe Browsing
  • Report to Anti-Phishing Working Group
  • Notify email providers (Gmail, etc.)

Understanding Email Authentication

SPF (Sender Policy Framework)

Lists which servers can send for your domain:

  • Prevents unauthorized servers from sending
  • Receiving servers check before accepting

Without SPF: Anyone can send as you With SPF: Only authorized senders accepted

DKIM (DomainKeys Identified Mail)

Cryptographic signature on emails:

  • Proves email is really from you
  • Proves email wasn’t modified

Without DKIM: Emails can be forged With DKIM: Emails are verified

DMARC (Domain-based Message Authentication)

Policy for handling failures:

  • Tells servers what to do with suspicious emails
  • Provides reporting on authentication results

Without DMARC: Fake emails might be delivered With DMARC: Fake emails are rejected

Setting Up Protection

Step 1: Add SPF Record

In your DNS, add a TXT record:

v=spf1 include:_spf.shopify.com [other senders] ~all

Step 2: Configure DKIM

Your email providers (Klaviyo, etc.) provide DKIM setup instructions. Follow them to add the necessary DNS records.

Step 3: Add DMARC

Start with monitoring:

v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com

Then strengthen to quarantine, then reject.

How SecurEcommerce Helps

Authentication Monitoring

We continuously check:

  • SPF record presence and validity
  • DKIM configuration
  • DMARC policy strength

Alerts notify you of issues.

Suspicious Email Analysis

Forward suspicious emails for analysis:

  • We check for spoofing indicators
  • Identify phishing tactics
  • Verify if it’s really from you
  • Provide actionable recommendations

Ongoing Protection

  • Daily authentication checks
  • Alerts when configuration changes
  • Recommendations for improvement

The Damage of Email Spoofing

When customers get phished using your brand:

Immediate Impact

  • They lose money or data
  • They blame you
  • They tell others

Long-term Damage

  • Trust in your emails drops
  • Legitimate emails ignored
  • Customer relationships suffer
  • Brand reputation erodes

Why This Keeps Happening

Email was designed before security was a concern. Without authentication:

  • Sending address is just text
  • Anyone can write anything
  • Servers accept by default

Authentication adds the verification email should have had from the start.

Prevention Checklist

  • SPF record configured
  • DKIM enabled for all senders
  • DMARC policy active
  • SecurEcommerce monitoring enabled
  • Customer communication plan ready
  • Reporting process documented

Don’t Wait for Complaints

Many spoofing victims never report to you - they just lose trust quietly. Proactive authentication prevents spoofing before it starts. With SecurEcommerce monitoring, you’ll know if your configuration breaks down.

The Solution

SecurEcommerce monitors your email authentication and analyzes suspicious emails to help you identify and prevent spoofing.

Fix this problem now

Related Problems

Problem

Someone Copied My Shopify Store

Discovered a clone of your store? Learn what to do when scammers copy your website and how to prevent it happening again.

Read more

You Don't Have to Deal With This Alone

SecurEcommerce automatically detects and fixes common security problems. Let us handle it so you can focus on your business.

Install SecurEcommerce Free
★★★★★ 5/5 on Shopify 7-day free trial No credit card required