Knowledgebase

Back to Hosted Email

What Is Email Spoofing


E-mail spoofing is sending an e-mail to another person so that it appears that the e-mail was sent by someone else. 

We most commonly see spoofed accounts used to send spam, phishing content, or malicious viruses. Spammers will steal a real person's e-mail address to trick anti-spam filters and make the e-mail seem legitimate and written by a real person, possibly someone you know.

If you have received a high volume of 'Mail delivery failed' bounce-back emails in your inbox, there is a high chance that your email address has been spoofed.

What Can You Do?

To prevent spoofed emails from being delivered, we can add SPF and DKIM records to the DNS for your domain. SPF and DKIM records are types of Domain Name Service (DNS) records that identify which mail servers are permitted to send email on behalf of your domain. The purpose of these records is to prevent spammers from sending messages with forged “From:” addresses at your domain. Recipients can refer to the SPF record to determine whether a message purporting to be from your domain comes from an authorized mail server. The SPF does not block spoofing; depending on how the receiving server is set up, usually, the SPF record will only result in mail that does not match the SPF rules and will be placed in the Spam/Junk folders.

If you have a cPanel email and would like an SPF and DKIM Record to be added, you can do so in cPanel > Email Authentication > SPF
If you have a chimail email, please contact us for a DKIM and SPF record to be implemented.

Unfortunately, beyond these authentication records, there is not much else that can be done to prevent spoofed e-mails from being sent.

If your email address was spoofed, this is usually a temporary issue that will resolve itself in a few weeks once the bad actor has moved on to using a different email address to spoof. We do strongly recommend running an anti-virus scan on any machines and devices that you have recently used to access your email account, to ensure that they are free of any malicious software. We would also recommend that you update your email account's password, using a secure combination of letters, symbols, and numbers at least eight characters in length.

You can look at the "headers" information to see where the spoofed e-mail originated from. Depending on the circumstances, you can help stop spammers by also sending the full headers of these unlawful messages to the Federal Trade Commission at spam@uce.gov.



Related Articles

ASP - How To Send Email With CDOSYS
How To Change Email Forwarder Into Full Email Account
How To Change An Email Password
How To Create An Email Account
How To Create An Email Forwarder in CHI

Can’t Find what you need?

No worries, Our experts are here to help.