Email Spoofing — How It Works and How to Stop It

Spoofing means faking the From: line so mail looks like it came from your CEO or your brand. SMTP has never verified From:, so you add SPF, DKIM, and DMARC to give receivers a way to reject the liars.

How Email Spoofing Works

Anyone can pipe a message through an open relay with From: ceo@yourbank.com. Without SPF, DKIM, and DMARC records to check against, receivers can’t tell prank from payroll.

How to Prevent Email Spoofing

  1. Publish SPF so only your IPs and ESPs can pass
  2. Turn on DKIM signing
  3. Move DMARC gradually from p=none to p=quarantine, then p=reject
  4. Read aggregate reports for mystery senders

DMARC p=reject Stops Spoofing

At p=reject, receivers that enforce DMARC should reject mail that fails both aligned SPF and aligned DKIM. Phishers hate that.
