Spoof Email Address

How attackers spoof an email address

Email spoofing is one of the most frequent types of cybercrimes. Spoofing an email address means that the sender is posing as someone else in an attempt to gain the trust of the recipient. Attackers frequently spoof an email address as the first step in a spear-phishing campaign or business email compromise attack. Spammers spoof email addresses to increase the chances that recipients will open an email and respond to it.

There are a number of ways that attacker can spoof an email address. Changing the display name – the name of the sender that is visible to recipients – may be the most common. Attackers use this method to pose as a trusted individual or a trusted brand while encouraging the recipient to take action that benefits the attacker. Attackers can also spoof an email address by using a legitimate email address in the "From" header, exploiting security holes in standard email protocols. Using look-alike domains is another way to spoof an address. With this method, attackers may substitute numbers or characters from other scripts like Cyrillic for letters in the email address, or create a new domain name that has only very subtle differences from an actual legitimate domain.

No matter how attackers spoof an email address, the results can be devastating. Email recipients may be duped into revealing sensitive information like credit card data or Social Security numbers. They may be tricked into revealing login credentials that give attackers access to corporate networks. Or they may even be fooled into wiring a money transfer to a fraudulent account.

Stopping email spoofing – as well as website spoofing, DNS spoofing and other forms of fraud – requires state-of-the-art anti-spoofing technology that can keep pace with the rapidly evolving and sophisticated attack methods. That's where Mimecast can help.

Mimecast DMARC Analyzer

Mimecast DMARC Analyzer protects against email spoofing by simplifying the process of deploying DMARC. DMARC, or Domain-based Message Authentication, Reporting & Conformance, is an email validation system that builds on the widely used Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) protocols. To identify messages where a sender is spoofing the email address by changing the "From" header, DMARC requires that messages are authenticated with DKIM and/or SPF check, and that the information in the "From" header matches the underlying information about the sender.

Additionally, DMARC Analyzer maximizes the effectiveness of DMARC by providing:

• A 360° view across all email channels.
• Simplified DMARC deployment using a step-by-step approach.
• Easy-to-use, self-service tools to simplify your DMARC deployment project.
• Alerts, reports and charts that help to achieve DMARC enforcement faster and monitor ongoing performance more effectively.

DMARC Analyzer also provides a DMARC record checker, SPF validator and DKIM record checker that ensure the validity of records and help to uncover errors that may impact mail delivery.

FAQs: what it does it mean to spoof an email address?

What does it mean to spoof an email address?

When attackers spoof an email address, they are posing as someone else in order to dupe the recipient into opening the email, responding to it or taking action that benefits the attackers. Email spoofing is often used at the start of devastating attacks like spear-phishing, business email compromise, CEO fraud and ransomware.

How do attackers spoof an email address?

Spoofing an email address is a relatively simple form of cybercrime. Attackers may change the display name and/or the "From" header in the email to pose as a trusted source, or they may create a look-alike domain that is virtually indistinguishable from a legitimate domain.

How do you stop email spoofing?

Preventing attackers from spoofing an email address requires sophisticated technology for scanning inbound email and for taking advantage of industry protocols for authenticating email messages.