What is email spoofing?
Email spoofing is the forgery of an email header so that the message appears to come from someone other than the actual source. It is commonly used in phishing campaigns and spam to trick recipients into trusting the email.
How does email spoofing work?
The Simple Mail Transfer Protocol (SMTP) has no built-in authentication mechanism, so anyone can put any address in the "From" field. Spoofed emails may appear to come from trusted contacts, banks, or well-known companies.
Anti-spoofing measures
- SPF: Verifies that emails come from authorized servers
- DKIM: Cryptographically signs emails to verify authenticity
- DMARC: Instructs receiving servers how to handle emails that fail SPF/DKIM checks
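How a receiver can combine these checks, as an added example that is not part of the original page: it reads the Authentication-Results header stamped by the receiving server and passes a message only when SPF or DKIM succeeded for a domain matching the visible "From" domain. The host name mx.receiver.test, the sample messages, and the simplified subdomain-based alignment rule are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def aligned(auth_domain, from_domain):
    # Simplified relaxed alignment (assumption): equal, or one is a subdomain
    # of the other. Real DMARC compares organizational domains.
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return bool(a and f) and (a == f or a.endswith("." + f) or f.endswith("." + a))

def verdict(raw_message, trusted_authserv_id):
    """Return 'pass' only if SPF or DKIM passed for a domain aligned with From."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, _, results = re.sub(r"\s+", " ", header).partition(";")
        # Skip results not stamped by our own receiver: the sender controls
        # every header it submits, Authentication-Results included.
        if authserv_id.strip().lower() != trusted_authserv_id.lower():
            continue
        spf = re.findall(r"\bspf=(\w+)[^;]*?smtp\.mailfrom=(?:[^\s;@]*@)?([^\s;]+)", results)
        dkim = re.findall(r"\bdkim=(\w+)[^;]*?header\.d=([^\s;]+)", results)
        if any(r == "pass" and aligned(d, from_domain) for r, d in spf + dkim):
            return "pass"
    return "fail"

# Constructed sample messages (not real traffic).
LEGIT = (
    "Authentication-Results: mx.receiver.test;\n"
    " spf=pass smtp.mailfrom=billing@bank.example;\n"
    " dkim=pass header.d=bank.example\n"
    'From: "Bank" <billing@bank.example>\n'
    "Subject: Statement\n\nbody\n"
)
SPOOFED = (
    "Authentication-Results: mx.receiver.test;\n"
    " spf=pass smtp.mailfrom=bounce@mailer.other.test;\n"
    " dkim=none\n"
    'From: "Bank" <billing@bank.example>\n'
    "Subject: Statement\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("LEGIT", LEGIT), ("SPOOFED", SPOOFED)):
        print(name, verdict(raw, "mx.receiver.test"))
```

The second sample shows why SPF alone is not enough: SPF passed for the envelope sender's domain, but that domain does not match the "From" address the recipient sees.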