Email Management: Email Spoofing
What is email spoofing?
Email spoofing is the forging of email addresses in an attempt to trick users into opening, or even responding to, what appears to be a legitimate email. The email header may make the message seem to have originated from a friend, a business acquaintance, or a product or service that the user has. This tactic is often used in spam and phishing campaigns, and although it is mostly a nuisance, there can be malicious forms as well.
NEVER respond to any email that asks for sensitive data or information such as passwords, credit card numbers, or social security numbers. NEVER, EVER click a link in a suspicious email! Legitimate companies will not ask their customers to submit private data via email.
How does spoofing occur?
A spammer finds an email address or a valid domain. (Spammers spend their days looking for these.)
The spammer sends a large email campaign with this domain in the From address, using various email tools that prevent easy tracing of the origin. These tools cloak, scramble or remove the header entirely. Most people assume an email came from the address it was sent from, just as they do with the return address on snail mail they receive.
An innocent domain owner gets flooded with bounce messages from email addresses that weren't valid or that have blocking capabilities. Within a week, the spammer gets shut down by his/her ISP due to excessive bandwidth, complaints from people who figured out who actually sent the email, etc. The spammer moves on to another domain.
Spoofing is possibly the most frustrating abuse issue to deal with, simply because it cannot be stopped. Spoofing is similar to hand-writing many letters and signing someone else's name to them. You can imagine how difficult that would be to trace.
How can you tell if your email address was used in a spoofing campaign?
Your inbox may all of a sudden get flooded by bounce messages listing a variety of reasons why the messages are getting bounced. This typically does NOT mean that your personal computer has been hacked. If you are concerned, you should immediately change your email account password to be safe.
If you have access to your email header, you can often spot issues. In the example below:
- The addresses in From: and Reply-To: are different.
- You may think you are writing to firstname.lastname@example.org.
- But in reality, your response is going to email@example.com.

    mail from: firstname.lastname@example.org
    rcpt to: email@example.com
    data
    From: YourBoss <firstname.lastname@example.org>
    Subject: Raise!
    Date: February 13, 2019 3:30:58 PM EDT
    To: user1 <email@example.com>
    Reply-To: YourBoss <firstname.lastname@example.org>

    Hi User1

    Please reply back to this message for details on your raise.

    Regards,
    YourBoss
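The header check described above can be automated. The following is an added example, not part of the original article: it parses a raw message and reports when Reply-To differs from From, and when the Return-Path header (where the receiving server records the envelope `mail from` address) is on a different domain than From. The sample message, its addresses, and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every address is a placeholder.
SAMPLE = """\
Return-Path: <bulk@mailer.example.net>
From: YourBoss <boss@company.example>
To: user1 <user1@company.example>
Reply-To: YourBoss <boss@lookalike.example>
Subject: Raise!

Please reply back to this message for details on your raise.
"""


def bare_addr(msg, header):
    """Return the lower-cased address from a header, or '' if it is absent."""
    return parseaddr(msg.get(header, ""))[1].lower()


def domain_of(addr):
    """Return the part after the last '@' ('' for an empty address)."""
    return addr.rpartition("@")[2]


def spoofing_indicators(raw):
    """Return a list of (code, detail) tuples for suspicious header pairs."""
    msg = message_from_string(raw)
    from_addr = bare_addr(msg, "From")
    reply_to = bare_addr(msg, "Reply-To")
    return_path = bare_addr(msg, "Return-Path")

    findings = []
    # A reply would go somewhere other than the address the reader sees.
    if reply_to and reply_to != from_addr:
        findings.append(("reply-to-differs",
                         f"From {from_addr} but replies go to {reply_to}"))
    # The envelope sender recorded at delivery is on another domain.
    if return_path and domain_of(return_path) != domain_of(from_addr):
        findings.append(("envelope-domain-differs",
                         f"From {from_addr} but Return-Path {return_path}"))
    return findings


if __name__ == "__main__":
    for code, detail in spoofing_indicators(SAMPLE):
        print(f"{code}: {detail}")
```

A Return-Path on a different domain is also normal for legitimate mailing lists and bulk-mail services, so treat that finding as a reason to look closer rather than as proof of spoofing.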
How can I avoid becoming a spoofing victim?
- Keep your antivirus software updated.
- Add a TXT/SPF Record to your DNS.
- Never respond to or click a link in a suspicious email.
- If you are in doubt about the authenticity of an email, contact the friend or business for verification separately.
- Change your email password frequently.
Until stronger email protocols are in place, this will continue to be an issue. Other options may be to purchase more secure email offerings like Google Workspace or Microsoft 365 Anti-Spoofing Protection.
Email Spoofing with Unassociated Domain
Emails sent from a domain that is not associated with your account will trigger many email spoofing flags and eventually damage your email reputation, resulting in undelivered emails in the future. That is why one of the methods to avoid this is to NOT use "send from" aliases if the domain is not assigned to your hosting account. This will limit your risk from spoofing attempts, thus keeping your email addresses safe. It will also block any attackers attempting to use your business/email address to seek sensitive information.
Please note that we are not blocking the most common email domains (such as gmail.com, yahoo.com) that are commonly spoofed. The following is the list of whitelisted domains that will not be affected by this policy change:
Hotmail and other common email providers: https://www.howto-outlook.com/howto/accountsettings.htm#gmail-imap