1. Knowledge Base
  2. >
  3. Results
  4. >
  5. Article

Email Management: Email Spoofing

G Suite just got better - introducing the Google Workspace!

What is email spoofing?

Email spoofing is the forging of email addresses attempting to trick users into opening or even responding to what appears to be a legitimate email. The email header may seem to have originated from a friend, business acquaintance, or product or service that a user may have. This tactic is often used in spam and phishing campaigns, and although it is primarily a nuisance, there can be malicious forms also.

One should NEVER respond to any email asking the user for sensitive data or information like passwords, credit cards, or social security numbers. NEVER, EVER click a link in a suspicious email! Legitimate companies will not request their customers to submit private data via email.

How Spoofing occurs?

A spammer finds an email address or a valid domain. (Spammers spend their days looking for these)

The spammer sends a large email campaign with this domain in the From address, using various email tools that prohibit easy tracing of the origin. These tools cloak, scramble or remove the header entirely. Most assume an email came from the address it was sent from, just as they do with the return address on snail mail they receive.

An innocent domain owner gets flooded with bounce messages from email addresses that aren't valid or have blocking capabilities. Within a week, the spammer gets shut down by his/her ISP due to excessive bandwidth, complaints from people who figured out who sent the email, etc. The spammer moves onto another domain.

Spoofing is possibly the most frustrating abuse issue to deal with simply because it cannot be stopped. Spoofing is similar to handwriting many letters and signing someone else's name on them. You can imagine how difficult that would be to trace.

How can you tell if your email address was used in a spoofing campaign?

Your inbox may all of a sudden get flooded by bounce messages listing a variety of reasons why the messages are getting bounced. This typically does NOT mean that your personal computer has been hacked. If you are concerned, you should immediately change your email account password to be safe.

If you have access to your email header, you can often spot issues. In the example below

  • the addresses From: and Reply-To: are different
  • You may think you are writing to yourboss@example1.com
  • But in reality, your response is going to badguy@example2.com.
mail from: user1@example1.com
rcpt to: badguy@example2.com

From: YourBoss <yourboss@example1.com>
Subject: Raise!
Date: February 13, 2019 3:30:58 PM EDT
To: user1 <user1@example1.com>
Reply-To: YourBoss <badguy@example2.com>

Hi User1

Please reply to this message for details on your raise.

While the example below is an error message that you may correct via https://support.google.com/a/answer/10583557?hl=en

Card and List view

How can I avoid becoming a spoofing victim?

  1. Keep your antivirus software updated.
  2. Add a TXT/SPF Record to your DNS.
  3. Never respond to or click a link in a suspicious email.
  4. If you are in doubt about the authenticity of an email, contact the friend or business for verification separately.
  5. Change your email password frequently.

There is nothing you can do once an email has been spoofed. The bounced emails you receive may contain information that could be useful for tracking down the source of the email. They often come from infected computers, so getting the exact location of the spammer is pretty low. You may also find the IP address where the message originated, check which ISP it belongs to, and see if they would be willing to blacklist the IP address. 

This will continue to be an issue until stronger email protocols are in place. Other options may be to purchase more secure email offerings like Google Workspace or Microsoft 365 Anti-Spoofing Protection.

Email Spoofing with Unassociated Domain

Emails sent from a domain that is not associated with your account will trigger many email spoofing flags and eventually damage your email's email reputation resulting in undelivered emails in the future that is why one of the methods to avoid this is by NOT using "send from" aliases if the domain is not assigned to your hosting account. This will limit your risk of spoofing attempts, thus, keeping your email addresses safe. This will block any attackers attempting to use your business/email address to seek sensitive information.

Please note that we are not blocking the most common email domains (such as gmail.com and yahoo.com) that are commonly spoofed. The following is the list of whitelisted domains that will not be affected by this policy change:

  • rambler.ru
  • comcast.net
  • yahoo.com
  • mail.ru

If you would like to continue sending from a third-party email provider (@gmail.com or @mail.com), please refer to the article links below for a step-by-step guide on how to correctly configure your own personal email address. For all other providers, you'll be able to find the settings by searching in Google. 

Hotmail and other common email providers

To report and send spoofing mail, please don't hesitate to reach our support team.

Related Articles: