What’s the difference between spoofing and impersonation?
Spoofing is technical manipulation: forging headers to claim a sender identity without authorization. The email technically claims to be from someone@domain.com when it's not. Authentication can detect and prevent this.
Impersonation is broader deception: pretending to be someone without necessarily using their exact identity. Display name manipulation, lookalike domains, and visual mimicry are **impersonation** without technical **spoofing**. Authentication doesn't always help.
Example: Spoofing sends as ceo@company.com from an attacker's server. Impersonation sends as ceo.name@gmail.com or from ce0@c0mpany.com. Both deceive recipients; only **spoofing** is prevented by authentication enforcement.
Was this answer helpful?
Thanks for your feedback!