Glossary
Email Spoofing vs Phishing
Spoofing is forging the From: header (and related envelope data) to impersonate a domain. Phishing is using deceptive email to steal credentials or install malware. Spoofing is a technique; phishing is the attack goal. DMARC p=reject stops spoofing of your domain at participating receivers; it does not stop phishing from lookalike domains.
Defense in depth
Combine DMARC with typosquat monitoring, user training, and browser protections — lookalikes bypass your exact domain.
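The distinction above, as an added example that is not part of the original page: a relaxed DMARC alignment check next to a simple lookalike check, run over constructed sample senders. The domain example.com, the function names, the two-label organizational-domain shortcut and the small confusables map are all assumptions made for illustration.

```python
PROTECTED = "example.com"  # assumed brand domain (placeholder)

# Tiny illustrative confusables map (digits, Cyrillic a/e/o); constructed for this example.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0430": "a", "\u0435": "e", "\u043e": "o"})

def org_domain(domain):
    # Simplification: last two labels. Real DMARC checks use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dmarc_aligned(from_domain, spf_domain=None, dkim_domain=None):
    # Relaxed alignment: an SPF- or DKIM-authenticated domain (None = did not pass)
    # shares the organizational domain of the From: header.
    target = org_domain(from_domain)
    return any(d and org_domain(d) == target for d in (spf_domain, dkim_domain))

def edit_distance(a, b):
    # Levenshtein distance, computed row by row.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(domain, brand=PROTECTED):
    # Expects Unicode (already IDNA-decoded) domain names.
    d, b = org_domain(domain), org_domain(brand)
    if d == b:
        return False
    sd, sb = d.translate(CONFUSABLES), b.translate(CONFUSABLES)
    return sd == sb or edit_distance(sd, sb) <= 1

def classify(from_domain, spf_domain=None, dkim_domain=None):
    aligned = dmarc_aligned(from_domain, spf_domain, dkim_domain)
    if org_domain(from_domain) == PROTECTED:
        return "aligned" if aligned else "spoof-fails-dmarc"
    if is_lookalike(from_domain):
        # The sender's own DMARC result says nothing about your brand.
        return "lookalike-dmarc-pass" if aligned else "lookalike-dmarc-fail"
    return "unrelated"

if __name__ == "__main__":
    for msg in [("example.com", "mail.example.com", None),      # constructed samples
                ("example.com", "bulk.mailer.test", None),
                ("examp1e.com", "examp1e.com", "examp1e.com")]:
        print(msg[0], "->", classify(*msg))
```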
FAQ
Does DMARC stop all phishing?
No — only misaligned use of domains you control. Homoglyph domains need brand monitoring.
Can spoofing happen without phishing?
Yes — spam and reputation attacks may spoof without credential forms.
What stops lookalike domains?
Registration monitoring, Safe Browsing, and user awareness — not DMARC alone.