What does a spoofed header look like?
Spoofed headers show discrepancies between claimed and actual sender information. The From header might claim your-bank@example.com while Received headers show the message came from a completely different server.
Key indicators: Received headers showing unfamiliar servers, authentication results showing failures, mismatched Return-Path and From addresses, and unusual server names or IP addresses in the routing chain.
Example: From: CEO@company.com but Received: from malicious-server.evil.com, Authentication-Results showing SPF fail and DKIM fail. These discrepancies reveal spoofing to anyone examining full headers.
Learn to spot spoofing red flags in email headers. Open an AI assistant with your question pre-loaded — just add your details and send.
Was this answer helpful?
Thanks for your feedback!