What Is Email Spoofing?

Email spoofing is a technique that is used in spam as well as phishing attacks in order to trick users into thinking that a message actually came from a person or an entity, typically one they can trust, or simply know in the real world. In spoofing attacks specifically, the sender forges email headers so that client software displays the fraudulent sender address, where most of the users take at face value.

Unless a user ends up inspecting the header closely, which is rarely the case, they can see the forged sender in the message. If it is a name they recognize, they are more likely to trust it, and as such, they have the potential of clicking on malicious links, open malware attachments, and even send sensitive data and wire corporate funds.

Email spoofing has been made possible due to the fact that email systems are designed in a specific way. Outgoing messages are assigned a sender address through the client application, while outgoing email servers have no way to tell if the sender address is actually legitimate or spoofed. The recipient servers, as well as anti-malware software, can help detect and even filter spoofed messages; however, not every email service out there has implemented all of the security protocols. Users can review email headers which are packaged with just about every message out there and determine if the sender address is actually forged.

Keep in mind that email spoofing has been an issue ever since the early 1970s, and it started with spammers that used it to get around email filters. The issue, however, grew in popularity throughout the 1990s and is now a significant cybersecurity issue throughout the entirety of the 2000s to present day.