Knowledge base article
A beginner's guide to email spoofing
What is email spoofing?
Email spoofing is a common fraud technique used to trick users into believing an email originated from a trusted source when it really originated from a fraudulent one.
Spoofing is used as a means of phishing: to promote services, collect sensitive data or harvest a bounty. In some cases, not only is the sender address forged, but the email may also mimic the company's branding or email signature, making it even more difficult to detect.
Unfortunately, email spoofing is possible because of the design of the email system: outgoing mail servers are unable to determine whether a sender address is authentic, which allows bad actors to configure any email address as the sender address in a script or application.
How to identify spoofed emails?
It can be difficult to tell whether an email is genuine, which makes it easy to misjudge an email's authenticity and potentially fall victim to phishing or other scams.
You can verify whether an email is authentic by checking the following:
- Check that the From and Sender addresses match
- Ensure the From and Sender addresses match the contact name
- The Reply-To address should also match the source domain
- Does the branding match the From and Sender addresses?
- If the email includes a call to action, don't provide any information or click any links until the email is confirmed legitimate. Check the link by hovering over it: does the link match the sender domain or refer you to an unknown website? If the website is unknown, the email is most likely fraudulent.
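The header and link checks from the list above can also be run over a raw message, as in the following added example (not part of the original article). The sample message, its domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample message for illustration; every name and domain is invented.
SAMPLE = """\
From: "Example Bank Support" <support@example-bank.com>
Sender: mailer@bulk-sender.example
Reply-To: accounts@examp1e-bank.net
Subject: Action required
Content-Type: text/html

<p>Please <a href="http://login.examp1e-bank.net/verify">confirm your details</a>.</p>
"""

def domain_of(address):
    """Return the lower-cased domain of an email address, or '' if there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def same_site(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    host = host.lower()
    return host == domain or host.endswith("." + domain)

def check_message(raw):
    """Run the header and link checks on a raw message; return a list of findings."""
    msg = message_from_string(raw)
    from_dom = domain_of(parseaddr(msg.get("From", ""))[1])
    if not from_dom:
        return ["From header has no usable address"]
    findings = []
    # Sender and Reply-To should belong to the same domain as From.
    for header in ("Sender", "Reply-To"):
        for _, addr in getaddresses(msg.get_all(header, [])):
            if addr and not same_site(domain_of(addr), from_dom):
                findings.append(f"{header} domain {domain_of(addr)} does not match From domain {from_dom}")
    # Links in the body should point at the sender's domain, not an unknown site.
    body = "".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if not part.is_multipart()
    )
    for host in sorted(set(re.findall(r'href=["\']https?://([^/"\'\s:>]+)', body, re.I))):
        if not same_site(host, from_dom):
            findings.append(f"Link host {host.lower()} is outside From domain {from_dom}")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

A finding is a reason to look more closely rather than proof of fraud, since mailing services can legitimately send with a different Sender domain.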
How do I protect my domain from spoofing?
Thankfully, you can secure your domain against unauthenticated use (such as spoofing) by implementing a DMARC policy. A DMARC policy tells receiving mail servers how to handle emails sent using your domain without correct authentication. Protecting your domain reputation with a DMARC policy is an important measure you can take to ensure your brand remains a trusted source.
For a more in-depth understanding of email authentication and guidance on implementing a DMARC policy, please read our email authentication guide.
Another method of spoofing is the use of website forms to send spam content. This can be resolved by adding a CAPTCHA or honeypot to all of your website's forms.
If you want support becoming DMARC compliant, Serversaurus offers an Email Analysis and Security service, in which we complete DMARC compliance for your domain before implementing a strict DMARC policy. This ensures control, visibility and security of your outgoing email traffic and improves delivery success and domain reputation.
The consultation includes configuration of SPF, DKIM and DMARC and a 4-week monitoring package.
For further advice regarding spoofing or securing your domain, please contact our support team at support@serversaurus.com.au so we can provide case-specific recommendations.
Last updated November 30, 2023