# Email Spoofing

We can use **spoofy** to find out Weak Email Security, Weak email security (SPF, DMARC and DKIM) may allow us to spoof emails to appear as though they’re coming from their own domain.  [Spoofy](https://github.com/MattKeeley/Spoofy) is a Python tool that can verify the email security of a given domain.

<https://github.com/MattKeeley/Spoofy>

<figure><img src="https://3420091786-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fy1ZUO45eHY8aMCLJ7OiN%2Fuploads%2FvTlspsC5N3Rz8lxwnrNo%2Fimage.png?alt=media&#x26;token=9e7dd0a4-0a81-4077-be31-b2a5d8ea739e" alt=""><figcaption></figcaption></figure>