Skip to main content
My preferencesSign out
Proofpoint, Inc.

Email Spoofing

 

Email Spoofing
Situation This article will help you understand email spoofing.
Solution This article will demonstrate examples of spoofing, and how to prevent unsolicited emails being sent on behalf of your domain to external recipients from external sources.

 

What is email spoofing?

Email spoofing is the creation of email messages with a forged sender address (such as your own email address). It is easy to do because the core protocols do not have any mechanism for authentication. It can be accomplished from within a LAN (Local Area Network) or from an external environment.

Why do people spoof my companies email address's and others?

Spam and phishing emails typically use such spoofing to mislead the recipient about the origin of the message.

Here are some external articles about spoofing:

https://help.aol.com/articles/what-is-email-spoofing-and-how-can-i-tell-if-my-account-has-been-spoofed
https://support.google.com/mail/answer/50200?hl=en
https://en.wikipedia.org/wiki/Email_spoofing

How do I help prevent people spoofing me or my domain?

By adding SPF (Sender Policy Framework) records to your existing DNS information, this will increase the chances that any spoofed email will be detected and is an added security measure, as all incoming emails will have the sender information validated.  Please note that by adding an SPF record does not make this 100% full proof.

Below are the SPF records, please use the one relevant to your platform

SPF Records

  • US1, 2, 3 and 4
    v=spf1 a:dispatch-us.ppe-hosted.com ~all
  • EU1
    v=spf1 a:dispatch-eu.ppe-hosted.com ~all

Please Note: Proofpoint Essentials does not block an email outright for the SPF entry. This is because there are a large number of domains that have an incorrect SPF record. We will just increase the overall spam score.

 

A soft fail (~all) will increase the spam score moderately (which may not quarantine a message dependent on your spam threshold specified) whereas a hard fail (-all) will increase the score aggressively and quarantine the message if triggered.