What is Email Spoofing and How to Protect Against It

Email spoofing is a threat that involves sending email messages with a fake sender address.

Difference between Spoofing and Phishing

  1. Spoofing refers to a form of identity theft where someone uses the identity of a real user.
  2. Phishing involves someone stealing sensitive information such as bank or credit card details.

Working of Email Spoofing

Email spoofing exploits the fact that email operates similarly to regular mail, consisting of three main components: the envelope, the message header, and the message body.
A spoofer can manipulate not only the body and “To:” fields, but also customize other key fields such as:

Mail From:
Reply To:
From:
Subject:
Date:
To:

When the spoofed email reaches the target's inbox, the email client displays what’s entered in these fields, creating a deceptive appearance. This can make it seem as though the email came from a legitimate source when, in reality, it did not.

How to protect against email spoofing

We can take action to prevent attackers from sending messages that appear to come from our domain. To do so, we have to create Domain Name System (DNS) records specifically for authentication. These include:
  1. SPF (Sender Policy Framework) verifies that an email has been sent from an IP address authorized to send emails from the sender’s domain.
  2. DKIM (DomainKeys Identified Mail) cryptographically verifies that the sender’s address and message contents haven’t been changed in transit.
  3. DMARC (Domain-based Message Authentication, Reporting, and Conformance) ensures that the domain in DKIM and SPF checks matches the sender’s domain in the From field, an essential check for spoofing.


Sample DMARC Policy

  1. Determine Your DMARC Policy:
    1. None (p=none): Monitor emails without taking any action.
    2. Quarantine (p=quarantine): Mark emails that fail DMARC checks as spam or junk.
    3. Reject (p=reject): Reject emails that fail DMARC checks outright.
  2. Set the DMARC Record Parameters:
    1. v=DMARC1: Specifies the version of DMARC being used.
    2. p=none|quarantine|reject: Specifies the policy for handling emails that fail DMARC checks.
    3. rua=mailto:address@example.com: Specifies the email address to which aggregate reports should be sent.
    4. ruf=mailto:address@example.com: Specifies the email address to which forensic (detailed) reports should be sent (optional).
    5. pct=100: Specifies the percentage of emails subjected to the DMARC policy (100 means all emails).
    6. sp=none|quarantine|reject: Specifies the policy for subdomains (optional).
    7. adkim=r|s: Specifies DKIM alignment mode (relaxed or strict).
    8. aspf=r|s: Specifies SPF alignment mode (relaxed or strict).
  3. Generated DMARC Record:
    1. v=DMARC1; p=reject; rua=mailto:"email address"; ruf=mailto:"email address"; fo=1; adkim=s; aspf=s; sp=reject; pct=100; ri=86400
  4. Copy the generated record and add it as a TXT record in the corresponding DNS zone.
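
The alignment check that DMARC performs, and the effect of the adkim/aspf modes, can be seen in the following added example (not part of the original article). It parses a record like the generated one above and decides what a receiver would do with a message. The domains, the report address and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
# Added example, not the article's code. Domains and the record are constructed.
SAMPLE = ("v=DMARC1; p=reject; rua=mailto:reports@example.com; fo=1; "
          "adkim=s; aspf=s; sp=reject; pct=100; ri=86400")

def parse_dmarc(record):
    """Split a DMARC TXT record into tags, validate v and p, apply defaults."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("missing v=DMARC1")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("p must be none, quarantine or reject")
    tags.setdefault("adkim", "r")   # relaxed is the default alignment mode
    tags.setdefault("aspf", "r")
    return tags

def org_domain(domain):
    # Assumption: organizational domain = last two labels. Real receivers
    # use the Public Suffix List (needed for names like example.co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Strict (s) needs an exact match; relaxed (r) the same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def disposition(tags, from_domain, spf_domain=None, dkim_domain=None):
    """spf_domain: MAIL FROM domain that passed SPF, or None if SPF failed.
    dkim_domain: d= domain of a valid DKIM signature, or None.
    Returns 'pass' or the policy (none/quarantine/reject) the receiver applies."""
    spf_ok = spf_domain is not None and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = dkim_domain is not None and aligned(from_domain, dkim_domain, tags["adkim"])
    return "pass" if (spf_ok or dkim_ok) else tags["p"]

if __name__ == "__main__":
    strict = parse_dmarc(SAMPLE)
    # SPF passes for the sender's own envelope domain, but From: claims example.com
    print(disposition(strict, "example.com", spf_domain="mailer.test"))
    print(disposition(strict, "example.com", dkim_domain="mail.example.com"))
    relaxed = parse_dmarc("v=DMARC1; p=quarantine")
    print(disposition(relaxed, "example.com", dkim_domain="mail.example.com"))
```

With adkim=s and aspf=s, mail signed by a subdomain such as mail.example.com no longer aligns with a From: address at example.com, so legitimate senders should be inventoried from the aggregate reports before moving to strict mode with p=reject.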
