Knowledge base article
A beginners guide to email spoofing
Related articles
An introduction to email authentication
How to ensure website generated emails are delivered successfully
Other email articles
Add or remove Google Workspace users
An introduction to email authentication
Configure spam filtering in cPanel
Create and manage email accounts in cPanel
Create Autoresponders in cPanel
Download or restore individual files, directories or database backups with JetBackup
Emptying Trash, Junk and Spam files
How to ensure website generated emails are delivered successfully
How to whitelist an email address
I can receive email but can’t send!
Manage DNS zones with the cPanel Zone Editor
Migrating email from one POP/IMAP email account to another
My site and/or email service is down
Network Firewall (I can’t access my services on a non-standard port)
Prevent website generated spam with CAPTCHA
Setting up email on your iPhone
The SLA – Best effort versus 99.9% versus 100%
Understanding CloudLinux resource limits
Using Serversaurus’ nameservers but hosting your email elsewhere
What is email spoofing?
Email spoofing is a common fraud technique used to trick users into believing a email originated from a trusted source when it really originated from a fraudulent source.
Spoofing is used as a means of phishing; to promote services, collect sensitive data or harvest a bounty. In some cases not only is the sender address forged, the email may mimic the company brand or email signature making it even more difficult to detect.
Unfortunately email spoofing is possible due to to the design of the email system and outgoing mail servers inability to determine whether a sender address is authentic, this allows bad actors to configure any email address as a sender address in a script or application.
How to identify spoofed emails?
It's can be difficult to identify whether an email is genuine or not, making it easy to mistake an emails authenticity and potentially fall victim to phishing or other scams.
You can verify whether an email is authentic by checking the following:
- Check the From and Sender address match
- Ensure the From and Sender address matches the contact name
- The Reply-To address should also match source domain
- Does the branding match the From and Sender address
- If the email includes a call to action, don't provide any information or click any links until the email is confirmed legitimate. Check the link by hovering over the link, does the link match the sender domain or refer you to an unknown website? if the website is unknown the email is most likely fraudulent.
How to prevent my domain from spoofing?
Thankfully you can secure your domain from unauthenticated use (such as spoofing) by implementing a DMARC policy. A DMARC policy directs receiving mail servers how to handle emails sent using your domain without correct authentication methods. Protecting your domain reputation using a DMARC policy is an important measure you can take to ensure your brand remains a trusted source.
For more in depth understanding on email authentication and guidance on implementing a DMARC policy, please read our email authentication guide.
Another method of spoofing is website forms being used send spam content, this can be resolved by adding a CAPTCHA or honeypot to all website web forms.
If you want support becoming DMARC compliant, Serversaurus offer a Email Analysis and Security service where we complete DMARC compliance for your domain before implementing of a strict DMARC policy to ensure control, visibility and security of your outgoing email traffic and improve delivery success and domain reputation.
The consultation includes configuration of SPF, DKIM and DMARC and a 4 week monitoring package.
For further advice regarding spoofing or securing your domain, please contact our support team at support@serversaurus.com.au so we can provide case specific recommendations.
Last updated November 30, 2023