Email spoofing is the act of sending emails with a forged sender address. It tricks the recipient into thinking that someone they know or trust sent them the email. Usually, it’s a tool of a phishing attack, designed to take over your online accounts, send malware, or steal funds. Spoofed email messages are easy to make and easy to detect.
How to stop email spoofing?
The reality is that it's impossible to stop email spoofing because the Simple Mail Transfer Protocol (SMTP), which is the foundation for sending emails, doesn't require any authentication. That's the vulnerability of the technology. There are some additional countermeasures developed to counter email spoofing. Still, the success rate will depend entirely on whether your email service provider implemented them.
Most email providers use the following additional checks to counter spoofing:
- Sender Policy Framework (SPF)
- DomainKeys Identified Mail (DKIM)
- Domain-based Message Authentication, Reporting & Conformance (DMARC)
Emails that fail these checks are either filtered into the recipient's junk folder or not delivered at all.
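Receiving servers usually record the outcome of these three checks in an `Authentication-Results` header. The following added example (not from the original article) reads that header from two constructed messages and applies a hypothetical filtering policy; the `.test` domains, the `mx.recipient.test` server name and the `triage` policy are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the top header was stamped by the recipient's own server
# (mx.recipient.test); the second was forged by the sender to look authenticated.
SPOOFED = """\
Authentication-Results: mx.recipient.test;
 spf=fail smtp.mailfrom=bulk-sender.test;
 dkim=none;
 dmarc=fail (p=reject) header.from=example-bank.test
Authentication-Results: mail.bulk-sender.test; spf=pass; dkim=pass; dmarc=pass
From: "Example Bank" <support@example-bank.test>
Subject: Verify your account

(body omitted)
"""

# Constructed sample: a message that passed all three checks.
LEGIT = """\
Authentication-Results: mx.recipient.test;
 spf=pass smtp.mailfrom=example-bank.test;
 dkim=pass header.d=example-bank.test;
 dmarc=pass header.from=example-bank.test
From: "Example Bank" <support@example-bank.test>
Subject: Your monthly statement

(body omitted)
"""

METHODS = ("spf", "dkim", "dmarc")
RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)\s*=\s*([a-z]+)", re.IGNORECASE)

def auth_results(raw, trusted_id):
    """Return {method: result} taken only from headers stamped by trusted_id."""
    results = dict.fromkeys(METHODS, "missing")
    for header in message_from_string(raw).get_all("Authentication-Results", []):
        authserv_id = header.split(";", 1)[0].strip().lower()
        if authserv_id != trusted_id:  # ignore headers the sender could have forged
            continue
        for method, result in RESULT_RE.findall(header):
            results[method.lower()] = result.lower()
    return results

def triage(raw, trusted_id="mx.recipient.test"):
    """Hypothetical policy: filter on any fail, deliver only when DMARC passes."""
    results = auth_results(raw, trusted_id)
    from_domain = parseaddr(message_from_string(raw)["From"])[1].rpartition("@")[2]
    if any(results[m] in ("fail", "softfail") for m in METHODS):
        return from_domain, "filter"
    return from_domain, "deliver" if results["dmarc"] == "pass" else "unverified"
```

Both messages show the same visible From domain; only the results recorded by the recipient's own server tell them apart, which is why the header from any other server name is ignored.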