Let’s take a moment to review a scenario that you’ve probably encountered if you’ve used email as a source of communication for any number of years.
While going through your inbox you may notice an email who’s “from” field is showing your email address or showing the email address of someone you know. However, the email looks very odd or suspicious to you.
This is most likely a spoofed email. Also referred to as email spoofing.
- What is Email Spoofing
- Spoofed Email Example
- Add SPF and DKIM Records
- How to Prevent Email Spoofing
- What can you do?
1. What is Email Spoofing?
Email spoofing is a common practice used by spammers and scammers to elicit a response from their potential victims. Most commonly, scammers use various tactics within the spoofed emails to frighten people into thinking they need to take some sort of action. Their demands may include things such as sending money or clicking a link within the spoofed email.
Spoofed emails may also come in the form of looking like they were sent by you or someone you know.
At a high level, spammers and scammers use email spoofing to get through or trick spam filters so their emails have a higher probability of being delivered.
2. Spoofed Email Example?
You might be asking yourself what spoofed email looks like. Here’s an example of a spoofed email that’s very common (at the time of this writing):
4. Add SPF and DKIM Records
By default, we add SPF and DKIM records to your DNS. If your DNS is missing SPF and DKIM records you’ll want to get those added to your zone file via cPanel if you’re using our services. Many web hosts will give you access to some sort of Zone Editor. If they don’t, you’ll want to contact your host to add the records for you. You might be wondering what a SPF and DKIM record is..
What is SPF?
SPF stands for Sender Policy Framework and is an email validation protocol to help detect spoofed emails. The SPF record is a record in your DNS that authorizes a server(s) to send email from your domain. When an email is sent from your email account, the receiving server is able to validate if that email is in fact coming from your server, which his authorized through the SPF record in your DNS.
What is DKIM?
DKIM stands for DomainKeys Identified Mail and is a form of authentication to help detect spoofed emails. It uses cryptographic keys and adds signatures on emails. When you send an email, these signatures are verified by the receiving servers.
And here’s what an SPF and DKIM record will look like:
4. How to Prevent Email Spoofing
If you’ve added SPF and DKIM records to your DNS you should be fine. Unfortunately, there’s not much else you can do to prevent spoofed emails. In the simplest of terms, email spoofing is about as easy as switching the return address on an envelope; anyone can do it.
When your email address is being used in a spoofed email, the email that’s being sent out isn’t being sent out by your server or our server if you’re using our services. It’s being sent out by another server the scammer is using to spam from.
There are ways to make sure spammers and scammers don’t acquire your email address:
- Use a contact form on your website, don’t publicize your email address
- Don’t publically display your email address on Social Media
- Registering any domain with privacy/WHOIS protection (free for PeoplesHost customers)
- Avoid using your email address to sign up for mailing lists
It’s very common for spammers and scammers to “scrape” for email addresses on web pages, social media accounts, etc.
5. What Can You Do?
Email spoofing won’t go away anytime soon. It does serve as a reminder to hide any personal information, including your email address, from the public.
It’s common for spoofed emails to also include old account information and passwords. This is because they use leaked email lists and account information from large breaches that were made public online. If you do receive a spoofed email that contains an old email address or password it’s a good reminder to frequently update your account passwords.
You can also check to see if your email address has been leaked by using sites such as Have I Been Pwned? With large sites such as LinkedIn being breached (May 2016), it’s very likely an email address of yours has been on a list of leaked account information to the public. The breach of LinkedIn alone exposed over 164 million email addresses and passwords and there have been many other breaches of large sites.