Safeguarding your business and domain from email spoofing

Amy Elliott
· 11 min read · March 14th, 2023
Email spoofing can cause untold damage to your business, brand reputation, and bank balance. Not to mention your sender reputation! Here’s what you need to know to stop spoofing from your email address.

When you think of identity theft, you might conjure up images of a mysterious individual falsifying documents to pose as someone else and commit crimes around the world. For businesses, there’s another type of identity theft that can be just as or even more damaging—email spoofing.

An image for the TV series The Office where Jim pretends to be Dwight.
Image credit: The Office

Email spoofing—also known as domain spoofing—is one of the most common types of cyber attacks on businesses and individuals. With a bit of education and the right tools, you can easily protect your account, business and customers from those pesky cybercriminals.

Stick with us to learn how to stop spoofing from your email address and why it’s super important to stay vigilant. Let’s begin!

What is email spoofing?

Email spoofing is a type of cyber attack that involves sending an email message with a forged sender address so that the sender can pretend to be someone they’re not. This is achieved by forging the email header so that email clients display a fake or forged email address. The goal of these sneaky hackers is to trick the recipient into believing that the email is coming from a legitimate source and that it’s safe to carry out whatever action the email is asking of them.

An example of a full email header from Gmail.

While email spoofing is an attack in and of itself, it’s actually more of a means to an end. Spoofing is carried out for a few different reasons, including the good ol’ classic spamming, phishing attacks, or spreading viruses and malware. By tricking the recipient into believing the email is from a real sender, they are more likely to click on malicious links or download dirty attachments. This can result in personal or credit card details being stolen or their device being infected with malware.

Sounds like hacked email—but it’s not!

If you’re thinking that email spoofing sounds the same as hacked email, you’d be forgiven—they do sound pretty similar! But there is a distinct difference between email spoofing and hacked email.

While email spoofing involves impersonating a legitimate sender through technical manipulation of the email, hacked email simply means that someone has gained unauthorized access to an account. When someone hacks an email account, they can go on to access the owner’s sensitive information and other accounts, send emails on their behalf, and even use the account for further attacks.

Both types of attacks are dangerous and should be guarded against, but spoofing requires a little extra knowledge about how email works, and the different steps to prevent it.

Methods of email spoofing

Before we jump right in with how to prevent email spoofing from your domain, it’s useful to know that there are three ways to spoof emails:

1. By forging a display name so that when the email appears in the inbox the email sender appears to be legitimate. But, if you look at the email address, it won’t be recognizable as a legitimate sender.

2. The double-whammy: By using a lookalike email address and display name, the lookalike domain will appear to be authentic at a quick glance. But pay attention and you’ll notice subtle differences. For example, instead of customer-serv[email protected], the address might be [email protected].

3. Forging a real domain so that the from email address in the header is different to the real sender address, and appears to be from a trusted sender. With this method, hackers exploit vulnerable SMTP (Simple Mail Transfer Protocol) servers to manipulate the email header.

Unfortunately, there isn’t much you can do about methods 1 and 2 except educate your users and customers about email spoofing attacks. These attacks won’t affect your domain activity or sender reputation because they aren’t directly connected to your business. This article will explain how you can protect your account from spoofing via method 3: forging a real email domain.

How to stop spoofing emails from your email address

When someone spoofs your domain to send emails, it can have a very real and lasting effect on your deliverability, brand reputation and customer trust. So let’s take a look at how you can prevent spoofing emails from your domain.

1. Email authentication is your best friend

Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting & Conformance (DMARC) are standard email authentication protocols that help mail servers verify you as a sender. Not only do they make email more secure, but valid SPF and DKIM records are actually required by Email Service Providers (ESPs) to use their service, while DMARC is often optional.

These records are extremely easy to implement, and will be given to you by your email provider—so there are no excuses! And even though DMARC is optional, we highly recommend it. You see, during authentication, if SPF or DKIM fail, DMARC steps in to check the from address in the email header against the relevant domain, adding another layer of protection. It also provides other benefits, which we’ll get into below.

Brush up on your email authentication knowledge in our guide.
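How a receiving server combines the three checks, as an added example that is not MailerCheck's code: under the DMARC rules in RFC 7489, a message passes when SPF or DKIM passes for a domain that aligns with the From header domain; otherwise the policy published in your DMARC record applies. The record, the domains and the two-label `org_domain` shortcut are assumptions made for illustration.

```python
def org_domain(domain: str) -> str:
    # Simplification (assumption): the last two labels. Real receivers
    # derive the organizational domain from the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """mode 's' = strict (exact match), anything else = relaxed."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    if not a:
        return False
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def parse_dmarc(record: str) -> dict:
    """Split 'v=DMARC1; p=reject; ...' into a tag dictionary."""
    pairs = (part.partition("=") for part in record.split(";") if "=" in part)
    tags = {k.strip().lower(): v.strip() for k, _, v in pairs}
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def evaluate(record, from_domain, spf, dkim):
    """spf and dkim are (result, authenticated_domain) tuples.
    Returns 'pass' or the policy the domain owner asked for."""
    tags = parse_dmarc(record)
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, tags.get("adkim", "r"))
    return "pass" if spf_ok or dkim_ok else tags.get("p", "none")

# Constructed record and messages; example.com and mailer.invalid are placeholders.
RECORD = "v=DMARC1; p=reject; adkim=s; rua=mailto:dmarc-reports@example.com"

if __name__ == "__main__":
    cases = {
        "own mail": (("pass", "bounce.example.com"), ("pass", "example.com")),
        "forged From, sender's own SPF passes": (("pass", "mailer.invalid"), ("none", "")),
        "forwarded, SPF broken, DKIM intact": (("fail", "example.com"), ("pass", "example.com")),
        "subdomain signature under adkim=s": (("fail", "example.com"), ("pass", "mail.example.com")),
    }
    for name, (spf, dkim) in cases.items():
        print(f"{name}: {evaluate(RECORD, 'example.com', spf, dkim)}")
```

The second case is the one SPF alone misses: SPF passes for the domain that really sent the message, and only the alignment check ties that result back to the From address the recipient sees.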

2. Ensure a secure SMTP server

When looking for emails to spoof, hackers will look for vulnerable SMTP servers to exploit. To prevent attacks, there are steps you should take to secure your email server. Securing your server should be a top priority, so think about:

1. Encryption: Are you using secure SMTP connections? You should be using encryption protocols such as TLS, S/MIME and PGP to secure your email.

2. Limited server access: Use SMTP authentication and only provide access to users who really need it. Make use of features such as IP allowlisting to block unauthorized IP addresses from accessing your account.

3. Mail relay configuration: Ensure you’re configuring the mail relay parameter of your mail server to only relay mail from authorized domains. This will prevent spammers from using your server as an open mail relay.

4. Limited SMTP connections: Restrict the number of SMTP connections your server allows to help prevent attacks on your network infrastructure.

3. DMARC reporting

An additional benefit of implementing a DMARC record is that it enables you to receive reports from Internet Service Providers (ISPs) about your domain activity and authentication failures. Monitoring your domain activity will allow you to stay proactive and in the know about any suspicious activity. If anything looks fishy, you can take steps to resolve it before it becomes a bigger issue and causes damage to your sender reputation, deliverability, and business.

The best way to monitor DMARC is with a DMARC monitoring and reporting tool that will automatically check and report back your domain activity. This will allow you to identify unauthorized sending sources and block them, and will give you alerts and suggestions. It’s also a great overall troubleshooting tool!

A view of MailerCheck's DMARC monitoring and reporting tool.

Email spoofing signs: What to look out for

It might not always be obvious that your email has been spoofed, but with DMARC reporting it’s easier to identify suspicious activity!

  • In your DMARC reports, SPF and/or DKIM authentication has failed, even though you have them configured correctly

  • Domain alignment between the from address and the domain specified in the SPF record and DKIM record has failed

  • Your DMARC reports show unauthorized IP addresses as the sending sources

Without DMARC reporting, some signs to look out for are:

  • You’ve received email replies from senders that you have not previously sent to

  • Recipients have received emails from you that were not sent by you

  • Emails have appeared in your sent folder that you didn’t send

But of course, these are not as easy to identify nor are they very reliable. DMARC monitoring is the way to go!
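The three DMARC-report signs listed above, checked over an aggregate report, as an added example that is not MailerCheck's tool. The XML is a constructed sample in the RFC 7489 aggregate-report layout with metadata omitted; the sender range, IP addresses and domains are placeholders.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Assumption: the ranges you really send from (your email provider lists them).
KNOWN_SENDERS = [ipaddress.ip_network("192.0.2.0/28")]

# Constructed sample report for example.com.
REPORT = """<feedback>
<policy_published><domain>example.com</domain><p>none</p></policy_published>
<record>
 <row><source_ip>192.0.2.10</source_ip><count>120</count>
  <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
 <identifiers><header_from>example.com</header_from></identifiers>
 <auth_results><dkim><domain>example.com</domain><result>pass</result></dkim>
  <spf><domain>example.com</domain><result>pass</result></spf></auth_results>
</record>
<record>
 <row><source_ip>198.51.100.23</source_ip><count>45</count>
  <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
 <identifiers><header_from>example.com</header_from></identifiers>
 <auth_results><spf><domain>mailer.invalid</domain><result>pass</result></spf></auth_results>
</record>
<record>
 <row><source_ip>192.0.2.12</source_ip><count>3</count>
  <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
 <identifiers><header_from>example.com</header_from></identifiers>
 <auth_results><dkim><domain>example.com</domain><result>fail</result></dkim>
  <spf><domain>example.com</domain><result>pass</result></spf></auth_results>
</record>
</feedback>"""

def suspicious_rows(report_xml, known=KNOWN_SENDERS):
    """Return (source_ip, message_count, signs) for rows that need a look."""
    out = []
    for rec in ET.fromstring(report_xml).iter("record"):
        ip = rec.findtext("row/source_ip")
        signs = []
        if not any(ipaddress.ip_address(ip) in net for net in known):
            signs.append("unknown-source")
        for mech in ("spf", "dkim"):
            if rec.findtext(f"row/policy_evaluated/{mech}") == "pass":
                continue  # passed and aligned with header_from
            raw = [r.findtext("result") for r in rec.findall(f"auth_results/{mech}")]
            # Raw pass + DMARC fail means it authenticated some other domain.
            signs.append(f"{mech}-misaligned" if "pass" in raw else f"{mech}-failed")
        if signs:
            out.append((ip, int(rec.findtext("row/count")), signs))
    return out
```

Aggregate reports arrive from third parties, so production code should parse them with a hardened XML parser such as defusedxml. A known source with a failing DKIM result, like the third row, usually points to a signing or DNS problem on your side and not to spoofing.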

The dangers of email spoofing

Email spoofing is a common practice—and there’s a reason for that. It can result in significant gains for hackers which come at a great cost to spoofing victims. Not only does it have an impact on those directly targeted through phishing scams and malware attacks, but it also impacts the businesses whose domains are used.

1. Loss of brand trust

Trust in your business can be affected in 2 ways. Firstly, if an email recipient falls victim to an attack via a spoofed email from your business, they’ll be much warier about clicking or even opening any of your legitimate emails in the future.

Secondly, if your email security has lapsed to allow the spoofing to happen, customers will wonder what else in your online business eco-system is lacking. Are there any other cybersecurity concerns? Is your website insecure? Can customers be sure that when they enter their payment details to make a purchase, they aren’t being stolen?

The credibility and reputation that you’ve worked so hard to build will be damaged, and it could take a while before you’re able to repair it.

2. Damage to your sender reputation

Fraudulent emails sent from your domain name negatively impact your sender reputation and deliverability. Spam and virus-laden or other dangerous emails will either be flagged by ISPs or spam filters, or will be reported by recipients. As well as direct damage to your sender reputation, you could find your domain or IP on an email blocklist, some of which are difficult to get removed from.

3. Financial loss

Online attacks where hackers use businesses to carry out their misdeeds can lead to significant financial loss. This can be a result of customers losing trust in the brand and boycotting it, leading to a loss in sales. Or the business may face legal ramifications and fines for failing to comply with the necessary protocols and standards when it comes to data protection and online security.

Security is not a joke!

Now that you understand that email spoofing is a bit like when Jim impersonated Dwight (but a lot more dangerous), you can take the appropriate steps to make your email bulletproof. When it comes to securing your email and domain activity, no precaution is too big. The best way to remain vigilant and have ultimate visibility into your email sending is with DMARC monitoring and reporting—so try it out!

Do you have any tips on how to prevent email spoofing? Let us know in the comments!

Amy Elliott
I’m Amy, Content Writer at MailerCheck. As a child, I dreamt about writing a book and practiced by tearing pages from an A4 notepad and binding them with sugar paper. The book is pending but in the meantime, I love taking a deep dive into technical topics and sharing insights on email metrics and deliverability.