How can you tell if an email is spoofed?

Check authentication results in message headers. Look for **Authentication-Results** showing **SPF** pass/fail, **DKIM** pass/fail, and **DMARC** pass/fail. Failed authentication suggests **spoofing**, though some failures have legitimate causes.

Examine the actual sender address, not just the display name. Mobile clients especially truncate the sender line to show only the friendly name. Verify that the domain after the @ matches the expected sender's organization.

Review message routing in Received headers. Legitimate messages from a company should route through that company's infrastructure. Messages claiming to be from company.com but routed through unrelated servers are suspicious.
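
The three checks above can be run over a raw message with Python's standard `email` package. This is an added example, not code from the original page; the sample message, every host name and the `analyze` parameters (`expected_domain`, `own_authserv`, `own_suffix`) are constructed placeholders. It only counts an Authentication-Results header stamped by your own receiving server, since a sender can insert one of their own.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample message; every host, address and domain is a placeholder.
SAMPLE = """\
Received: from mx.recipient.test (mx.recipient.test [192.0.2.10])
\tby inbox.recipient.test with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000
Received: from smtp.bulk-relay.test (smtp.bulk-relay.test [198.51.100.7])
\tby mx.recipient.test with ESMTP; Mon, 1 Jan 2024 10:00:01 +0000
Authentication-Results: mx.recipient.test;
\tspf=fail smtp.mailfrom=example.com;
\tdkim=none; dmarc=fail header.from=example.com
From: "Example Corp Billing" <billing@example.com>
To: user@recipient.test
Subject: Invoice

Please see attached.
"""

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def analyze(raw, expected_domain, own_authserv="mx.recipient.test",
            own_suffix="recipient.test"):
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    from_domain = addr.rpartition("@")[2].lower()
    auth = {}
    for ar in map(str, msg.get_all("Authentication-Results", [])):
        # Only trust results stamped by our own receiving server (authserv-id);
        # a sender can insert a header that claims everything passed.
        if ar.split(";", 1)[0].strip().lower() != own_authserv:
            continue
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", ar, re.I):
            auth.setdefault(method.lower(), verdict.lower())
    # Hosts named in "Received: from ..." that belong to neither side.
    hops = [m.group(1).lower() for r in msg.get_all("Received", [])
            if (m := re.match(r"\s*from\s+([\w.-]+)", str(r), re.I))]
    foreign = [h for h in hops
               if not under(h, from_domain) and not under(h, own_suffix)]
    findings = [f"{m}={auth.get(m, 'missing')}" for m in ("spf", "dkim", "dmarc")
                if auth.get(m) != "pass"]
    if not under(from_domain, expected_domain.lower()):
        findings.append(f"From domain {from_domain} is not {expected_domain}")
    findings += [f"relayed via {h}" for h in foreign]
    return {"display": display, "from_domain": from_domain, "auth": auth,
            "foreign_hops": foreign, "findings": findings}
```

An empty `findings` list means all three checks passed; anything in it is a prompt for review rather than a verdict, because some failures have legitimate causes.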