http://spoofcheck.bishopfox.com
planetice.net
is vulnerable to email spoofing
Analysis
SPF
planetice.net has an SPF record.
The SPF record for planetice.net has a strong defensive configuration.
Record: v=spf1 a mx a:planetice.net ip4:23.226.230.184 ip6:2604:180:1:d6c::17e2:e6b8 include:aspmx.googlemail.com ?all
DMARC
planetice.net has no DMARC record.
Recommendations
To avoid the risk of email spoofing from planetice.net, Bishop Fox recommends the following:
Begin implementing a DMARC record for planetice.net. DMARC records are DNS TXT records, located at the _dmarc.planetice.net subdomain, that instruct receiving mail servers how to handle emails that fail SPF and DKIM alignment. For DMARC to function, planetice.net needs to have both SPF and DKIM configured. Additional information about setting up DMARC records can be found from the Google Apps DMARC setup guide.
A DMARC policy of none allows spoofed emails to be delivered. Begin implementing a DMARC policy of quarantine or reject. As implementing strict DMARC policies may interfere with the delivery of email from planetice.net email addresses, Bishop Fox recommends setting up and monitoring aggregate report notifications for legitimate emails before beginning to implement a stricter policy. If no legitimate emails are reported, set the DMARC policy to quarantine and set the pct field to a low percentage. This process is described in more detail in the Google Apps DMARC setup guide.
To manage the risk of email spoofing from domains other than planetice.net, Bishop Fox recommends the following:
Configure the planetice.net email server to quarantine emails that fail SPF alignment on the From field. Nearly 41% of the Alexa top million domains are configured with SPF records, but only 1.8% of those domains are configured with a strict DMARC record.