Email Spoofing
Email spoofing is the practice of forging email headers so that messages appear to come from legitimate senders. It is a key enabler of phishing, spam, and fraud campaigns.
Table of Contents
- What is email spoofing?
- How it typically works
- Common techniques and variants
- Impact
- Further reading
What is email spoofing?
Spoofed emails manipulate the “From” field and other header information so recipients trust the sender. Attackers may impersonate companies, government agencies, or coworkers to increase credibility. While spoofed messages can be used for spam, they are most often part of phishing campaigns.
How it typically works
- Header manipulation: attacker forges the email’s sender fields.
- Delivery: message is sent through compromised or misconfigured servers.
- Deception: victim sees a trusted name or domain and is more likely to engage.
- Exploitation: attacker uses the trust gained to harvest credentials, deliver malware, or commit fraud.
Common techniques and variants
- Display name spoofing: using a trusted display name while hiding a malicious address
- Domain spoofing: forging domains or using typosquatted lookalikes
- Reply-to manipulation: replies are redirected to attacker-controlled addresses
- Combination with phishing: spoofing paired with phishing to increase trust
Impact
Email spoofing undermines trust in digital communication. It enables large-scale phishing campaigns, business email compromise, and fraud. Spoofed emails are also used to bypass technical controls, distribute ransomware, and trick employees into making unauthorized transfers. For organizations, spoofing can damage brand reputation if their domain is abused in attacks.
Further reading
- DMARC Analyzer: What is email spoofing? Read more
- CISA: Email Threats Guidance. Read more
- OWASP: Email security issues. Read more