How does spoofing work technically?
Email has multiple "from" addresses that attackers can manipulate. The envelope sender (**MAIL FROM**) is where bounces are routed. The header From is what recipients see. The display name shows friendly text. Each can be set independently.
The **SMTP** protocol accepts messages without verifying the claimed identity. An attacker's server can connect to any recipient server and claim any sender address. Without authentication checks, the receiving server has no way to verify the claim.
In practice, spoofing works like this: the attacker configures a sending server with the victim's domain in the From header and sends to targets, so the messages appear to come from the victim. Authentication protocols change this by providing verification mechanisms that receivers can check.
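To see the three sender values side by side on a received message, the added example below (not part of the original answer) extracts each one and flags disagreements between them. The function name, result keys and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples: (envelope MAIL FROM, raw message headers).
SAMPLES = {
    "header_spoof": ("bounce@sender.example",
                     "From: Billing <billing@victim.example>\r\nSubject: Invoice\r\n\r\nbody\r\n"),
    "display_spoof": ("bounce@sender.example",
                      'From: "ceo@victim.example" <x@sender.example>\r\nSubject: Hi\r\n\r\nbody\r\n'),
    "consistent": ("alice@corp.example",
                   "From: Alice <alice@corp.example>\r\nSubject: Hi\r\n\r\nbody\r\n"),
}

# Finds an address-like string inside the friendly display text.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")

def domain_of(address):
    """Return the lowercased domain part of an address, or '' if there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def sender_identities(envelope_from, raw_message):
    """Extract the independently settable sender values and flag mismatches."""
    msg = message_from_string(raw_message)
    display_name, header_addr = parseaddr(msg.get("From", ""))
    envelope_domain = domain_of(envelope_from)
    header_domain = domain_of(header_addr)
    match = ADDR_RE.search(display_name)
    display_domain = match.group(1).lower() if match else ""
    return {
        "envelope_domain": envelope_domain,
        "header_from_domain": header_domain,
        "display_name": display_name,
        # A mismatch is a signal to check, not proof: mailing lists and bulk
        # senders legitimately use a different envelope domain.
        "envelope_header_mismatch": envelope_domain != header_domain,
        # Display text that looks like an address from another domain.
        "display_name_mismatch": bool(display_domain) and display_domain != header_domain,
    }

if __name__ == "__main__":
    for label, (envelope, raw) in SAMPLES.items():
        print(label, sender_identities(envelope, raw))
```
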