Email Spoofing: What is it, how does it work, and how do we prevent it? 

September 27, 2021

Email phishing is not a new concept. Since email became a widely-used method of communication, unscrupulous individuals have been sending emails for fake lotteries, invented inheritances, and fake charitable schemes. Many of these types of scams were easy to identify by looking at the sender. However, as technology has advanced, so have phishing schemes—especially in the form of email spoofing. 

What is it? 

Email spoofing occurs when a sender “masks” the sender on an email so that it looks to the recipient like the message has come from someone they know and trust.  

“When an email is sent, the From address doesn't show which server the email was actually sent from,” reports Hacker News in an article on email spoofing. “Instead, it shows the domain that was entered when the address was created so as not to arouse suspicion among recipients.” 

That results in the recipient receiving an email from—matching the one that exists in your contacts—that isn’t actually your aunt at all.  

How does it work? 

Email spoofing is able to occur because of how emails are handled by client applications and email servers, says Hacker News. 

“Outbound email servers have no way of knowing if the sender address is legitimate or spoofed,” says the article. “Therefore, email spoofing is possible because the email system used to represent email addresses provides no way for outbound servers to verify the legitimacy of the sender's address.” 

This means that malicious users can write scripts to reconfigure some email applications to display the address of one user when it is sent by another. Hacker News reports that this level of script use is not an advanced skill, meaning that it can be used by more people even if they don’t have an expansive knowledge of coding. 

How do we prevent it? 

The threat of email spoofing, and other forms of phishing attacks, cost individuals and businesses vast amounts of money. And the number of email fraud attacks only continues to increase. Hacker News reported that in 2020, phishing attacks increased 220% during the peak of the global pandemic when compared to the prior year. 

So what can be done to prevent this form of attack? Hacker News suggests implementing Domain-Based Message Authentication, Reporting, and Conformance (DMARC), an email authentication protocol. 

“DMARC works with two standard authentication practices - SPF and DKIM - to authenticate outbound messages and provides a way to tell receiving servers how to respond to emails that fail authentication checks,” says Hacker News. 

This strategy effectively blocks the unauthorized email from reaching the recipient, greatly reducing the number of spoofed messages from being sent successfully. 

Cybersecurity experts need to stay on top of the latest trends in the industry in order to know how best to prevent them. Capitol Tech offers bachelor’s, master’s and doctorate degrees in cyber and information security with coursework focused on the latest techniques in fighting cyber attacks.  

Many courses are available both on campus and online. To learn more about Capitol Tech’s degree programs, contact