Knowledge base article
A beginner's guide to email spoofing
What is email spoofing?
Email spoofing is a common fraud technique used to trick users into believing an email originated from a trusted source when it really originated from a fraudulent one.
Spoofing is used as a means of phishing: to promote services, collect sensitive data or harvest a bounty. In some cases not only is the sender address forged, but the email may also mimic the company's branding or email signature, making it even more difficult to detect.
Unfortunately, email spoofing is possible because of the design of the email system and the inability of outgoing mail servers to determine whether a sender address is authentic. This allows bad actors to configure any email address as the sender address in a script or application.
How to identify spoofed emails?
It can be difficult to identify whether an email is genuine, making it easy to misjudge an email's authenticity and potentially fall victim to phishing or other scams.
You can verify whether an email is authentic by checking the following:
- Check that the From and Sender addresses match
- Ensure the From and Sender addresses match the contact name
- The Reply-To address should also match the source domain
- Check that the branding matches the From and Sender addresses
- If the email includes a call to action, don't provide any information or click any links until the email is confirmed legitimate. Check the link by hovering over it: does it match the sender domain or refer you to an unknown website? If the website is unknown, the email is most likely fraudulent.
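The address and link checks from this list can be automated over a raw message. The following is an added example, not part of the original article; the sample message, its domains and the function names are constructed for illustration, and the contact-name and branding checks are left to the reader.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email); all names and domains are made up.
SAMPLE = """\
From: "Example Bank Support" <support@example-bank.test>
Sender: mailer@bulk-sender.test
Reply-To: claims@freemail.test
Subject: Action required
Content-Type: text/plain

Please confirm your details at https://example-bank.test.login-check.test/verify
or read our policy at https://www.example-bank.test/policy
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def same_site(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def check_message(raw):
    """Compare Sender, Reply-To and link hosts against the From domain."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    for header in ("Sender", "Reply-To"):
        dom = domain_of(msg[header])
        if dom and not same_site(dom, from_dom):
            findings.append(f"{header} domain {dom} differs from From domain {from_dom}")
    # Links: a host that merely starts with the brand's domain is not the brand's site.
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        host = (urlparse(url).hostname or "").lower()
        if not same_site(host, from_dom):
            findings.append(f"link host {host} is outside {from_dom}")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print("WARN:", finding)
```

The first link in the sample begins with the From domain but actually belongs to a different site, which is why the comparison is made on the end of the hostname rather than its start.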
How to prevent my domain from being spoofed?
Thankfully, you can secure your domain from unauthenticated use (such as spoofing) by implementing a DMARC policy. A DMARC policy tells receiving mail servers how to handle emails sent using your domain without correct authentication methods. Protecting your domain reputation using a DMARC policy is an important measure you can take to ensure your brand remains a trusted source.
For a more in-depth understanding of email authentication and guidance on implementing a DMARC policy, please read our email authentication guide.
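To show what a DMARC policy asks of receiving servers, the following added example (not part of the original article) reads a DMARC TXT record and reports what it requests. The tag names (`v`, `p`, `rua`, `pct`) come from the DMARC specification rather than this page, and the records use a placeholder domain.

```python
def parse_dmarc(record):
    """Split a DMARC TXT record into a tag -> value dict (tag names lower-cased)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    return tags

def review_dmarc(record):
    """Return (policy, notes) describing what receivers are asked to do."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return None, ["not a DMARC record (must start with v=DMARC1)"]
    policy = tags.get("p", "").lower()
    notes = []
    if policy == "none":
        notes.append("p=none requests no action; failing mail is still delivered")
    elif policy == "quarantine":
        notes.append("p=quarantine asks receivers to treat failing mail as suspicious")
    elif policy == "reject":
        notes.append("p=reject asks receivers to refuse failing mail")
    else:
        return None, ["missing or invalid p= tag"]
    if "rua" not in tags:
        notes.append("no rua= address, so no aggregate reports are received")
    pct = tags.get("pct", "100")
    if policy != "none" and pct.isdigit() and int(pct) < 100:
        notes.append(f"pct={pct}: the policy applies to only part of failing mail")
    return policy, notes

# Constructed records for a placeholder domain: a monitoring-only policy
# and a strict policy that is applied once legitimate senders authenticate.
MONITORING = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.test"
STRICT = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.test"

if __name__ == "__main__":
    for rec in (MONITORING, STRICT):
        print(rec, "->", review_dmarc(rec))
```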
Another method of spoofing is website forms being used to send spam content. This can be resolved by adding a CAPTCHA or honeypot to all website forms.
If you want support becoming DMARC compliant, Serversaurus offers an Email Analysis and Security service in which we complete DMARC compliance for your domain before implementing a strict DMARC policy, to ensure control, visibility and security of your outgoing email traffic and to improve delivery success and domain reputation.
The consultation includes configuration of SPF, DKIM and DMARC and a 4-week monitoring package.
For further advice regarding spoofing or securing your domain, please contact our support team at support@serversaurus.com.au so we can provide case-specific recommendations.
Last updated November 30, 2023