Let’s orient us with this tech word called “Spoofing”.

What does spoofing mean?

In general term, it is a fraudulent or malicious practice in which the communication is sent from unknown source disguised as a source-receiver. The term "spoofing" is generally regarded as slang but refers to the act of fooling -- that is, presenting a false truth in a credible way. In the tech-world spoofing is considered as a cybercrime or scam and most prevalent in communication mechanism that lacks a high level of security.

Today, emails fraud (Phishing) using forged sender names (Spoofing), asking recipients to update passwords or check his financial information. These fraudulent emails which look like a real email sent from your organization with also the same name of the sender (From) and your organization name as well. They may also contain additional threats like Trojans or other viruses. These programs can cause significant computer damage and trigger unexpected activities, remote access, deletion of files to name a few.

Spoofing can sabotage a company in a number of ways:

• Cause chaos
• Induce material damage
• Harm data integrity
• Damage the company reputation

Add your domain to the blocked domain list

This means any internal messages from your domain will be received/sent well without any issues. Anything else from outside of your domain will be blocked. So, if you're using a third-party systems or programs to send messages from your domain outside of the network, make sure to add the applicable email/ IP address to the allowed list.

Recognize the signs

You should be cautious and check for the signs like spelling errors, urgent language or request for too much information. For instance, don’t trust the display name of the sender, look but don’t click, don’t give personal information, beware of sketchy subject lines, review the signature and don’t click the attachments. These are clear warning signs and you can suspect an email spoofing.

Get educated with email headers

The message headers give a valuable insight of where the email is coming from like sender, recipient, and subject with its routing history. Checking the email headers vary from email clients depending on what you are using.

Examples of email client and how to check their email headers.

Gmail
1. Open the message in your Gmail inbox.
2. Click the down-arrow in the top-right corner of the message.
3. Click the "Show original" link toward the bottom of the options box. The message will open in a separate window with the full message headers at the top.

Yahoo Mail
1. Open the email message in your Yahoo Mail inbox.
2. Click the "Full Headers" link located in the lower-right corner of the email message.

Microsoft Outlook
1. Open the message in Microsoft Outlook.
2. Click Options (2007) or Tags (2010/2013).
3. You'll see the headers in the "Internet Headers" box.

Check your SPF

An SPF record – The Sender Policy Framework is a list of IP addresses which are authorized to send emails from a domain.

These are the two sides to play together.

• The domain owner publishes this information in an SPF record in the domain's DNS zone.
• The receiving server must check whether the message complies with the domain's stated policy. For example, a message is considered fake when it comes from an unknown server.

Use DKIM check

DKIM check – an email authentication method. It enables you to sign and verify email messages using public and private keys. The public keys, published in the DNS records are used to verify if the message comes from the original sender.

The current method of authentication widely used DMARC, DKIM, SenderID, and SPF, which is based on the recipient's e-mail system that supports anyway. The dnschecker.org offers various DNS tools that help you check various records related to email.

Taximail, verifies the sender's identity are always in each email sent. And helps prevent tampering with your sender name. You will be assured that sending your email campaign will come from your domain.