Email Spoofing

  • Published: Wednesday, Dec. 11, 2019

Email spoofing is forging the ‘from’ address of a sender. A spoofed email may appear to be a trusted sender but in fact is a known, and wildly successful, form of phishing. Scammers may be targeting users in an attempt to steal credentials, trick them into falling for a scam or spread malware. 

As a recipient of such an email you should make sure to take some precautions. Look at the actual email address of the sender. Does that domain match up with what you expect? If you hit the “reply to” the email will automatically populate. Does it match what you would expect to see? 

Are you doing everything you can to protect your users and organization? Here are some options to consider. 

  • Education. Conditioning users to recognize and report suspicious emails can greatly reduce the risks.
  • Implement Sender Policy Framework (SPF), Domain Key Identified Mail (DKIM) and Domain Based Message Authentication (DMARC). These technologies can greatly reduce the spam and phishing emails you receive. And, an added bonus, it can help to prevent mail you send from being marked as spam.
  • Configure warning messages for external senders. 

Remember, any email that requests wire transfers, sensitive personal information or gift cards should be suspect. A direct follow up either in person or by phone should be made with the supposed sender in order to verify such requests.


SPF, DKIM, DMARC and Exchange Online

How to configure warning messages for Office 36 external senders

Configure an external recipient warning in G-suite

How to Set Up DKIM in 3 Simple Steps