Knowledge base article
A beginners guide to email spoofing
What is email spoofing?
Email spoofing is a common fraud technique used to trick users into believing a email originated from a trusted source when it really originated from a fraudulent source.
Spoofing is used as a means of phishing; to promote services, collect sensitive data or harvest a bounty. In some cases not only is the sender address forged, the email may mimic the company brand or email signature making it even more difficult to detect.
Unfortunately email spoofing is possible due to to the design of the email system and outgoing mail servers inability to determine whether a sender address is authentic, this allows bad actors to configure any email address as a sender address in a script or application.
How to identify spoofed emails?
It's can be difficult to identify whether an email is genuine or not, making it easy to mistake an emails authenticity and potentially fall victim to phishing or other scams.
You can verify whether an email is authentic by checking the following:
- Check the From and Sender address match
- Ensure the From and Sender address matches the contact name
- The Reply-To address should also match source domain
- Does the branding match the From and Sender address
- If the email includes a call to action, don't provide any information or click any links until the email is confirmed legitimate. Check the link by hovering over the link, does the link match the sender domain or refer you to an unknown website? if the website is unknown the email is most likely fraudulent.
How to prevent my domain from spoofing?
Thankfully you can secure your domain from unauthenticated use (such as spoofing) by implementing a DMARC policy. A DMARC policy directs receiving mail servers how to handle emails sent using your domain without correct authentication methods. Protecting your domain reputation using a DMARC policy is an important measure you can take to ensure your brand remains a trusted source.
For more in depth understanding on email authentication and guidance on implementing a DMARC policy, please read our email authentication guide.
Another method of spoofing is website forms being used send spam content, this can be resolved by adding a CAPTCHA or honeypot to all website web forms.
If you want support becoming DMARC compliant, Serversaurus offer a Email Analysis and Security service where we complete DMARC compliance for your domain before implementing of a strict DMARC policy to ensure control, visibility and security of your outgoing email traffic and improve delivery success and domain reputation.
The consultation includes configuration of SPF, DKIM and DMARC and a 4 week monitoring package.
For further advice regarding spoofing or securing your domain, please contact our support team at support@serversaurus.com.au so we can provide case specific recommendations.
Last updated November 30, 2023