
Email Spoofing: What It Is and How to Spot It

TempMailbox Team · 6 min read

Spoofing is the reason "is this email real?" became a question in the first place. Here is how to answer it.


Email spoofing is the practice of sending mail that appears to come from someone other than the actual sender. It is alarmingly easy at the protocol level, which is why every email client now does heroic work behind the scenes to flag it.

Why spoofing is possible at all

SMTP, the protocol that delivers nearly all email, was designed in an era of mutual trust. The "From" header is set by the sender, not verified by the network. Without auxiliary checks, anyone can claim to be anyone.

The defences (SPF, DKIM, DMARC)

Modern domains publish DNS records that say "these IPs are allowed to send for this domain" (SPF), "this is the public key we sign messages with" (DKIM), and "do this when something fails" (DMARC). Receivers check these records and downrank or reject mismatches.

Spotting it as a user

  • The sender domain looks subtly off (paypa1.com, not paypal.com)
  • The message headers show an SPF or DKIM failure in the email client's details view
  • The body uses urgency to discourage you from inspecting

When in doubt, do not click. Open the service in a fresh browser tab and log in directly. That single habit defeats most spoofing attempts.
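The header check from the list above can also be scripted. This is an added example, not code from TempMailbox: it reads the `Authentication-Results` header (RFC 8601) that a receiving server stamps on delivered mail and reports the SPF, DKIM and DMARC verdicts for the visible From domain. The sample message, the domains and the receiver name `mx.receiver.example` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real mail); every domain is a placeholder.
SAMPLE = """\
Authentication-Results: mx.receiver.example;
 spf=fail smtp.mailfrom=bulk.sender.example;
 dkim=none;
 dmarc=fail header.from=bank.example
From: "Bank Support" <support@bank.example>
To: user@receiver.example
Subject: Urgent: verify your account

Please log in within 24 hours.
"""

def auth_verdicts(raw, trusted_authserv):
    """Return {method: result} from the receiver's own Authentication-Results."""
    verdicts = {}
    for value in message_from_string(raw).get_all("Authentication-Results", []):
        value = " ".join(value.split())  # unfold continuation lines
        authserv, _, rest = value.partition(";")
        # A sender can add this header too, so only accept the copy stamped
        # by the receiver we trust (assumed name: trusted_authserv).
        if (authserv.split() or [""])[0].lower() != trusted_authserv:
            continue
        for part in rest.split(";"):
            m = re.match(r"\s*(spf|dkim|dmarc)\s*=\s*(\w+)", part, re.I)
            if m:  # topmost trusted header wins if a method repeats
                verdicts.setdefault(m.group(1).lower(), m.group(2).lower())
    return verdicts

def assess(raw, trusted_authserv):
    """Summarise whether the visible From domain was authenticated."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    verdicts = auth_verdicts(raw, trusted_authserv)
    not_passed = [m for m in ("spf", "dkim", "dmarc") if verdicts.get(m) != "pass"]
    return {"from_domain": from_domain, "verdicts": verdicts,
            "not_passed": not_passed,
            "from_authenticated": verdicts.get("dmarc") == "pass"}

if __name__ == "__main__":
    print(assess(SAMPLE, "mx.receiver.example"))
```

A missing header is treated the same as a failure here, because a message with no verdict from the trusted receiver has not been authenticated at all.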
