A short overview of Email Spoofing

Creation of Email messages with a forged sender address.
Priyanka Sharma

Created: 05/20/2020 10:36 AM - Updated: 05/20/2020 10:36 AM

Since email protocols do not have any process for authentication, it is easy for spammers to send junk mail with a forged sender address to mislead the recipient about the source of the message. Phishing and spam emails commonly use such spoofing. Email spoofing is the forgery of an email header so that the message appears to have come from someone or somewhere other than its actual source.

The major goal of email spoofing is to get recipients to read and even respond to the content. 


How is email spoofing done?


Recipients receive emails from a well-known retail business asking them to provide information such as a credit card number or PIN, or simply to click on a link; such emails could also be fake. The forgers might acquire your personal information and use it to hack your account or to commit fraud. The fake emails could also ask you to click on attractive links offering discounts or limited-time deals, which could result in malware being downloaded onto the receiver's device.


Why is email spoofing done?

  • Email spoofing is done mostly for phishing purposes or for acquiring the recipient's personal details.

  • It is also done to avoid blacklists: a sender of spam emails is very likely to be blacklisted quickly, so to avoid being listed as spam, senders switch email addresses.

  • To hide the sender's true identity, anonymous email addresses are used.

  • To defame or tarnish the image of the impersonated sender, an attacker might create and send emails with the forged email address.


How to avoid email spoofing?


Because email protocols do not provide sender authentication, it has been very easy to spoof email addresses. For this reason, email providers use several frameworks to authenticate incoming messages and avoid email spoofing:

  • SPF (Sender Policy Framework) - It checks whether the sending IP address is authorized to send mail for the given domain.

  • DKIM (DomainKeys Identified Mail) - It allows senders to associate a domain name with an email message by attaching a digital signature to the message.

  • DMARC (Domain-Based Message Authentication, Reporting, and Conformance) - It is a protocol that requires SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to identify the authenticity of an email message.
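
The following is an added example, not part of the original article: a Python sketch of how a recipient-side tool can read the SPF, DKIM and DMARC verdicts that a receiving mail server records in the Authentication-Results header. The message, domains and the function names `domain_of` and `auth_verdict` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From claims a retail brand, while the
# envelope sender (Return-Path) and the receiver's checks disagree.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=softfail smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail header.from=shop.example.com
From: "Big Retail Deals" <offers@shop.example.com>
To: user@example.org
Subject: Limited time discount

Click the link to claim your deal.
"""

METHODS = ("spf", "dkim", "dmarc")

def domain_of(value):
    """Lower-cased domain part of an address header, or '' if absent."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower()

def auth_verdict(raw):
    """Summarise SPF/DKIM/DMARC results and From/Return-Path agreement."""
    msg = message_from_string(raw)
    results = {m: "missing" for m in METHODS}
    # Only trust Authentication-Results headers added by your own receiving
    # server; a sender can insert forged ones further down the header block.
    for header in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            results[method.lower()] = result.lower()
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    reasons = [f"{m}={r}" for m, r in results.items() if r != "pass"]
    # Exact comparison is stricter than DMARC's relaxed alignment, so a
    # mismatch is reported as a reason but does not decide the verdict.
    if from_dom != env_dom:
        reasons.append(f"From domain {from_dom} != Return-Path domain {env_dom}")
    return {"from": from_dom, "results": results,
            "suspicious": results["dmarc"] != "pass", "reasons": reasons}

if __name__ == "__main__":
    print(auth_verdict(SAMPLE))
```
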
