What are the different types of spoofing (header, display name, domain)?
Header **spoofing** manipulates the From header to show a fake sender address. The full email address appears as something like ceo@company.com when it's actually from attacker@malicious.com. DMARC enforcement can prevent this.
Display name **spoofing** changes the friendly name while keeping a different address. Recipients see "CEO John Smith" but the actual address is attacker@gmail.com. This bypasses domain authentication since the real sending domain is authenticated.
Domain **spoofing** uses the victim's actual domain in the From address. This is what DMARC directly prevents. Without **DMARC** enforcement, attackers can send as anyone@yourdomain.com from their own infrastructure.
Was this answer helpful?
Thanks for your feedback!