What is email spoofing?
Email spoofing is the forging of sender information so that a message appears to come from someone else. Attackers manipulate the From header, display name, or envelope sender to impersonate trusted entities. Recipients see a deceptive sender identity.
Spoofing exploits email's original design, which lacked sender verification. Anyone can claim any identity in email headers without proof. Authentication protocols (SPF, DKIM, DMARC) address this by enabling verification.
Spoofing enables several attacks: phishing that impersonates banks or colleagues, fraud that uses executive identities, and reputation damage that abuses victim domains. Protecting against spoofing requires both authentication implementation (preventing your domain from being spoofed) and awareness (recognizing spoofed messages).
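An added example (not part of the original page): a Python check over the three fields named above, plus the SPF, DKIM and DMARC verdicts recorded by the receiving server in its `Authentication-Results` header. The sample messages, their domains and the `trusted_authserv` parameter are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain_of(addr):
    """Lowercased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoofing_indicators(raw_message, trusted_authserv):
    """List indicators from the From header, display name and envelope sender."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, envelope = parseaddr(msg.get("Return-Path", ""))
    from_dom, env_dom = domain_of(from_addr), domain_of(envelope)
    findings = []
    # Envelope sender in a different domain than the visible From (an indicator,
    # not a verdict: mailing lists and bulk senders do this legitimately).
    if env_dom and from_dom and env_dom != from_dom:
        findings.append("envelope-from-mismatch")
    # Display name that shows an address from another domain.
    shown = re.search(r"[\w.+-]+@([\w.-]+)", display)
    if shown and shown.group(1).lower() != from_dom:
        findings.append("display-name-address-mismatch")
    # Only read verdicts stamped by our own receiving server; a sender can
    # insert its own Authentication-Results header.
    prefix = trusted_authserv.lower() + ";"
    results = " ".join(h.lower() for h in msg.get_all("Authentication-Results", [])
                       if h.strip().lower().startswith(prefix))
    for mech in ("spf", "dkim", "dmarc"):
        verdict = re.search(rf"\b{mech}=(\w+)", results)
        if verdict is None:
            findings.append(f"{mech}-missing")
        elif verdict.group(1) != "pass":
            findings.append(f"{mech}-{verdict.group(1)}")
    return findings

# Constructed sample messages (not real traffic).
FORGED_FROM = (
    "Return-Path: <bounce@mailer.invalid>\n"
    "Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=mailer.invalid;"
    " dkim=none; dmarc=fail header.from=bank.example\n"
    'From: "Bank Support" <support@bank.example>\n'
    "Subject: Account notice\n\nbody\n")
FORGED_DISPLAY = (
    "Return-Path: <j.doe@freemail.example>\n"
    "Authentication-Results: mx.recipient.example; spf=pass; dkim=pass; dmarc=pass\n"
    'From: "ceo@corp.example" <j.doe@freemail.example>\n'
    "Subject: Quick request\n\nbody\n")
```

In the first sample SPF passes for the envelope domain, yet DMARC fails because that domain does not align with the From header. In the second every protocol passes and only the display name is deceptive, which is why authentication has to be paired with awareness.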