What is email spoofing?
Email spoofing is the creation of email messages that are made to appear as if they came from a particular sender, but in fact do not.
It may be surprising to learn that the original email transmission protocols we rely on today were not built to protect against spoofing/message forgery. Over time though, technologies and protocols have been developed to defend against malicious use.
When an email message is sent, details like the 'From' address that the user sees in their email client can be set to a relatively arbitrary value. This is not checked or protected by default.
Why would someone spoof email?
This is not an exhaustive list, but here are some common examples:
- Send malicious material (e.g. malware) to someone who would let their guard down due to it supposedly being from a trusted source
- Cause reputational damage to a business or individual
- Spread disinformation and make it appear as if it's from a trusted source
How to guard against email spoofing
From a domain owner/admin perspective, setting up SPF, DKIM, and DMARC is the bare minimum and a very good start. You'll want to make sure you educate your users, and enforce security standards. For most people and organizations, this will actually be sufficient.
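The reason SPF, DKIM and DMARC matter for the 'From' problem described above is that SPF and DKIM authenticate the sending host or the message signature, and DMARC is what ties those results to the domain in the visible 'From' header and tells receivers what to do when the check fails. The following Python script is an added example, not code from the original page: it parses SPF and DMARC TXT records and reports the settings that leave spoofed mail deliverable. It assumes a small dictionary of constructed records in place of live DNS lookups (a real check would fetch the TXT records with a DNS library); the domain names and record values are made up for illustration.

```python
"""Assess SPF and DMARC TXT records for a domain (added example, not from the page).

The records below are constructed sample data. A real deployment would fetch
the TXT records via DNS instead of reading this dictionary.
"""
import re

# Constructed sample TXT records, keyed by the DNS name they would live at.
SAMPLE_TXT = {
    "example.test": ["v=spf1 include:_spf.mailhost.example -all"],
    "_dmarc.example.test": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.test"],
    "weak.test": ["v=spf1 +all"],
    "_dmarc.weak.test": ["v=DMARC1; p=none"],
    "nodmarc.test": ["v=spf1 ip4:192.0.2.10 ~all"],
}


def lookup_txt(name, txt=SAMPLE_TXT):
    """Stand-in for a DNS TXT query: returns the records for a name, or []."""
    return txt.get(name, [])


def parse_spf(records):
    """Return the SPF mechanisms and the qualifier on 'all', or None if no SPF."""
    for rec in records:
        if rec.lower().startswith("v=spf1"):
            terms = rec.split()[1:]
            all_qual = None
            for term in terms:
                match = re.fullmatch(r"([+\-~?]?)all", term)
                if match:
                    # An unqualified mechanism defaults to '+' (pass) in SPF.
                    all_qual = match.group(1) or "+"
            return {"terms": terms, "all": all_qual}
    return None


def parse_dmarc(records):
    """Return DMARC tags as a dict (e.g. {'v': 'DMARC1', 'p': 'reject'}), or None."""
    for rec in records:
        if rec.startswith("v=DMARC1"):
            tags = {}
            for part in rec.split(";"):
                if "=" in part:
                    key, value = part.split("=", 1)
                    tags[key.strip().lower()] = value.strip()
            return tags
    return None


def assess_domain(domain, txt=SAMPLE_TXT):
    """List the reasons spoofed mail claiming to be from `domain` would still be
    accepted by a receiver that evaluates SPF and DMARC. Empty list = good."""
    findings = []

    spf = parse_spf(lookup_txt(domain, txt))
    if spf is None:
        findings.append("no SPF record: receivers cannot tell which hosts may send for this domain")
    elif spf["all"] == "+":
        findings.append("SPF ends in +all: any host on the internet passes SPF for this domain")
    elif spf["all"] in ("~", "?"):
        findings.append(f"SPF ends in {spf['all']}all: unauthorized senders only softfail/neutral")
    elif spf["all"] is None:
        findings.append("SPF has no 'all' mechanism: unlisted senders get a neutral result")

    dmarc = parse_dmarc(lookup_txt("_dmarc." + domain, txt))
    if dmarc is None:
        findings.append("no DMARC record: SPF/DKIM results are not tied to the visible From header")
    else:
        policy = dmarc.get("p", "none")
        if policy == "none":
            findings.append("DMARC p=none: failures are reported (if rua is set) but mail is still delivered")
        elif policy == "quarantine":
            findings.append("DMARC p=quarantine: failing mail is sent to spam rather than rejected")
        if "rua" not in dmarc:
            findings.append("DMARC has no rua tag: you receive no aggregate reports about failures")

    return findings


if __name__ == "__main__":
    for name in ("example.test", "weak.test", "nodmarc.test"):
        print(name, "->", assess_domain(name) or ["no issues found"])
```

Running the script shows the contrast: `example.test` (strict `-all` plus `p=reject`) produces no findings, while `weak.test` is flagged for both `+all` and `p=none`, and `nodmarc.test` for a soft SPF failure with no DMARC policy at all. A rollout normally starts at `p=none` with `rua` set so the reports reveal legitimate senders before moving to `quarantine` and then `reject`.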
As an individual, you should ensure your email accounts are secured by following standard best practices:
- Use a very strong password
- Don't re-use your passwords
- Use a password manager; it makes the two points above feasible and easy
- Enable two-factor authentication
- Regularly review applications you may have granted access to your email account
If you are responsible for running a shared email server or email infrastructure, there are additional measures you need to take, but that is out of scope for this document.