1. Knowledge Base
  2. >
  3. Results
  4. >
  5. Article

Email Management: Email Spoofing

G Suite just got better - introducing the Google Workspace!

What is email spoofing?

Email spoofing is a forging of email addresses attempting to trick users into the opening or even responding to what appears to be a legitimate email. The email header may seem to have originated from a friend, business acquaintance, or product or service that a user may have. This tactic is often used in spam and phishing campaigns, and although it is mostly a nuisance, there can be malicious forms also.

One should NEVER respond to any email that is asking the user for sensitive data or information like passwords, credit cards, or social security numbers. NEVER, EVER click a link in a suspicious email! Legitimate companies will not request their customers to submit private data via email.

How Spoofing occurs?

A spammer finds an email address or a valid domain. (Spammers spend their days looking for these)

The spammer sends a large email campaign with this domain in the From address, using various email tools that prohibit easy tracing of the origin. These tools cloak, scramble or remove the header entirely. Most people assume an email came from the address it was sent from, just as they do with the return address on snail mail they receive.

An innocent domain owner gets flooded with bounce messages from email addresses that weren't valid or have blocking capabilities. Within a week, the spammer gets shut down by his/her ISP due to excessive bandwidth, complaints from people who figured out who actually sent the email, etc. The spammer moves onto another domain.

Spoofing is possibly the most frustrating abuse issue to deal with simply because it cannot be stopped. Spoofing is similar to hand-writing many letters and signing someone else's name to it. You can imagine how difficult that would be to trace.

How can you tell if your email address was used in a spoofing campaign?

Your inbox may all of a sudden get flooded by bounce messages listing a variety of reasons why the messages are getting bounced. This typically does NOT mean that your personal computer has been hacked. If you are concerned, you should immediately change your email account password to be safe.

If you have access to your email header, you can often spot issues. In the example below
  • the addresses From: and Reply-To: are different
  • You may think you are writing to yourboss@example1.com
  • But in reality, your response is going to badguy@example2.com.
mail from: user1@example1.com
rcpt to: badguy@example2.com

From: YourBoss <yourboss@example1.com>
Subject: Raise!
Date: February 13, 2019 3:30:58 PM EDT
To: user1 <user1@example1.com>
Reply-To: YourBoss <badguy@example2.com>

Hi User1

Please reply back to this message for details on your raise.
While the example below is an error message that you may correct via support.google.com/mail.answer/7126229
Card and List view

How can I avoid becoming a spoofing victim?

  1. Keep your antivirus software updated.
  2. Add a TXT/SPF Record to your DNS.
  3. Never respond to or click a link in a suspicious email.
  4. If you are in doubt about the authenticity of an email, contact the friend or business for verification separately.
  5. Change your email password frequently.
There is nothing you could really do once an email has been spoofed. The bounced emails you receive may contain information that could be useful to track down the source of the email.  They often come from infected computers, so getting the exact location of the spammer is pretty low. You may also find the IP address where the message originated, check which ISP it belongs to, and see if they would be willing to blacklist the IP address. 

Until stronger email protocols are in place, this will continue to be an issue. Other options may be to purchase more secure email offerings like Google Workspace or Microsoft 365 Anti-Spoofing Protection.

Email Spoofing with Unassociated Domain

Emails sent from a domain that is not associated with your account will trigger many email spoofing flags and eventually damage your email's email reputation resulting in undelivered emails in the future, that is why one of the methods to avoid this is by NOT using "send from" aliases if the domain is not assigned to your hosting account. This will limit your risk in spoofing attempts, thus, keeping your email addresses safe. This will block any attackers attempting to use your business/email address to seek sensitive information.

Please note that we are not blocking the most common email domains (such as gmail.com, yahoo.com) that are commonly spoofed. The following are the list of whitelisted domains that will not be affected by this policy change:
  • rambler.ru
  • comcast.net
  • yahoo.com
  • mail.ru
If you would like to continue to send from in third-party email provide (@gmail.com or @mail.com), please refer to the article links below for a step by step guide on how to correctly configure your own personal email address. For all other providers, you'll be able to find the settings by searching in Google. 

Gmail: https://support.google.com/mail/answer/7126229?hl=en
Mail.com: https://support.mail.com/premium/imap/windowsmailapp.html
Yahoo: https://help.yahoo.com/kb/SLN4075.html
Hotmail and other common email providers: https://www.howto-outlook.com/howto/accountsettings.htm#gmail-imap

To report and send a spoofing mail, please don't hesitate to reach our support team.

Related Articles: