Email Glossary

Email Spoofing

Email spoofing is a technique where attackers forge the 'From' address in email headers to make messages appear to come from a trusted sender. It's commonly used in phishing attacks and can be prevented with proper SPF, DKIM, and DMARC configuration.

How Spoofing Works

Email was designed in a trusting era. The SMTP protocol doesn't verify that the sender is who they claim to be; it's like the postal service delivering a letter regardless of what is written as the return address.

Attackers exploit this by:

  • Setting up their own mail server
  • Crafting emails with a forged 'From' address
  • Sending to targets who see a trusted sender

Without authentication, receiving servers have no way to verify the email actually came from the claimed sender.

Why Attackers Spoof

Phishing attacks: Impersonating banks, tech companies, or colleagues to steal credentials.

Business Email Compromise: Spoofing CEO emails to trick employees into wire transfers.

Spreading malware: A trusted sender makes the recipient more likely to open attachments.

Reputation damage: Sending spam that appears to come from a competitor to damage their reputation.

Evading filters: Spoofed emails from trusted domains may bypass spam filters.

Preventing Spoofing of Your Domain

Implement all three authentication protocols:

SPF - Lists authorized sending IPs. Anyone sending from other IPs fails SPF.

DKIM - Cryptographically signs your emails. Spoofed emails can't have valid signatures without your private key.

DMARC - Enforces policy on failures. Tells receivers to reject or quarantine emails that fail SPF/DKIM.

With p=reject DMARC policy, spoofed emails are blocked before reaching targets.
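The step DMARC adds on top of SPF and DKIM is identifier alignment: the domain that passed SPF (the envelope sender) or DKIM (the d= tag) must match the domain in the visible From header before the receiver counts the message as authenticated, and the p= tag says what to do otherwise. The following is an added example, not code from this glossary; it assumes the receiving server has already computed the SPF and DKIM results, stands in for DNS with a constructed dictionary of _dmarc records, and approximates the organizational domain with the last two labels (a real implementation consults the Public Suffix List).

```python
"""Minimal DMARC alignment and disposition check (added example; not a full RFC 7489 implementation).

Assumes SPF and DKIM results were produced earlier by the receiving server; this only
adds the identifier-alignment and policy step that DMARC introduces.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for DNS TXT lookups at _dmarc.<domain>.
FAKE_DNS = {
    "_dmarc.bank.example": "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@bank.example",
    "_dmarc.weak.example": "v=DMARC1; p=none",
}


def parse_dmarc_record(txt: str) -> dict:
    """Split 'tag=value; tag=value' into a dict with lower-cased tag names."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def org_domain(domain: str) -> str:
    """Crude organizational-domain reduction (last two labels); real DMARC uses the Public Suffix List."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: Optional[str], mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') only needs the same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


@dataclass
class AuthResults:
    spf_result: str                 # "pass", "fail", "none", ...
    spf_domain: Optional[str]       # envelope sender (Return-Path) domain that SPF was evaluated for
    dkim_result: str
    dkim_domain: Optional[str]      # d= tag of the DKIM signature that verified


def dmarc_disposition(from_domain: str, results: AuthResults, dns=FAKE_DNS) -> str:
    """Return 'pass', the policy action ('none'/'quarantine'/'reject') for a failing message,
    or 'no-policy' when the From domain publishes no DMARC record."""
    txt = dns.get(f"_dmarc.{from_domain.lower()}")
    if txt is None:
        return "no-policy"
    rec = parse_dmarc_record(txt)
    spf_ok = results.spf_result == "pass" and aligned(from_domain, results.spf_domain, rec.get("aspf", "r"))
    dkim_ok = results.dkim_result == "pass" and aligned(from_domain, results.dkim_domain, rec.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return rec.get("p", "none")


if __name__ == "__main__":
    # SPF passes for the attacker's own envelope domain, but it does not align with the forged From.
    spoofed = AuthResults("pass", "attacker.example", "none", None)
    print(dmarc_disposition("bank.example", spoofed))  # reject
    # A legitimate bounce subdomain aligns under relaxed SPF alignment.
    legit = AuthResults("pass", "bounce.bank.example", "none", None)
    print(dmarc_disposition("bank.example", legit))  # pass
```

The first case in the usage block is the one the SPF-alone question turns on: SPF genuinely passes, because the attacker's envelope domain authorizes the attacker's server, yet the message still fails DMARC because that domain does not align with the From domain the recipient sees.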

Detecting Spoofed Emails

When receiving emails, look for:

Header analysis

  • Check Received headers for origin
  • Look for SPF/DKIM/DMARC results
  • Verify Return-Path matches From

Visible red flags

  • Urgency or threats
  • Requests for credentials or money
  • Slightly misspelled domains
  • Suspicious links (hover to check)

Technical checks

  • Failed SPF/DKIM (check headers)
  • Mismatched domains
  • Unusual sending server

Frequently Asked Questions

Can SPF alone prevent spoofing?

No. SPF only verifies the envelope sender (Return-Path), not the visible From address. An attacker can pass SPF with their own domain while spoofing your domain in the From header. You need DMARC to tie them together.

I have DMARC set up, am I fully protected?

DMARC with p=reject provides strong protection against direct spoofing of your exact domain. However, it doesn't prevent look-alike domains (yourdoma1n.com) or display name spoofing ('Your Bank <attacker@evil.com>').

What is display name spoofing?

Attackers set the display name (the friendly name before the email address) to something trustworthy while using their own domain. 'Your Bank <scammer@evil.com>' shows 'Your Bank' in many email clients. Training users to check the actual address is the defense.