BFF · Blueprint · Verify a Job Is Legitimate · The email domain
Launch · Job Hunting · Quick Lesson

How to Verify the Sender's Email Domain

The domain is the single hardest thing for a scammer to fake. Here is how to read it, test it, and spot the tricks.

Length: 7 minutes For: anyone who wants the one check that matters most Updated: 2026-06-24 (v1) Part of: Verify a Job Is Legitimate

"The email looked official. The logo and signature were perfect. It still turned out to be fake."

A member who learned the hard way

Logos and signatures are easy to copy. The domain is not. That is why, when I check a real client, the first thing I read is the part after the @ in their email. It is the strongest single signal you have.

The wrong question vs the right question

Wrong question: "Does the email look professional?"

Better question: "Does the part after the @ belong to the real company?"

Looks are decoration. The domain is identity. Read the identity, not the decoration.

Read and test the domain in four steps

Goal: decide if the sender truly belongs to the company they claim.

1. Find the part after @
In name@company.com, the domain is company.com. That is what you judge.
2. Open it in a new tab
Type the domain directly. Do not click their link. Does a real, matching website load?
3. Check for look-alikes
Watch for tiny misspellings or extra words: company-careers.com, cornpany.com, company.co when the real one is company.com.
4. Be wary of free addresses
A real business usually emails from its own domain. A plain free address for a "company role" is a flag worth a second look.
The trick that catches careful people

Type the domain yourself instead of clicking their link. A link can say company.com but send you somewhere else. Typing it into a fresh tab takes you to the real site, every time.

A rebrand is fine, a mismatch is not

Sometimes the domain opens a site that says the company has a new name now. That is normal. Companies rebrand and keep a working, honest trail. What you are guarding against is a mismatch: a domain that does not load, does not match the company named, or is a near-copy of a real one.

The rule

The domain either belongs to the real company, or it does not. If it does, proceed. If it is missing, mismatched, or a look-alike, stop, no matter how polished the rest of the email looks.

Practice. Read one real domain.

  • Found the part after the @ in a real offer
  • Typed the domain into a fresh tab myself
  • Confirmed it loads and matches the company
  • Checked for misspellings and look-alikes

Next step

The full method →
Verify a Job Is Legitimate
All three checks together
For agency roles →
Research the real client behind an agency
Who you will actually work for

Hold steady, BFF Team. We keep going together.

– Lala