What is Email Spoofing?


Spoofing is the term for falsified e-mail addresses: a message appears to come from one sender when, in fact, it is really being sent by a spammer. Spoofed addresses can be difficult to spot and cause many problems, both for recipients and for the owners of the spoofed e-mail addresses.


How spoofing operates


E-mail spoofing can assume a variety of forms, but basically, a spoofed e-mail appears to have been sent from one source when it was actually sent from another source entirely. Phishing attempts and e-mail worms typically use spoofed e-mail addresses to trick users into believing that an e-mail has come from a trusted source. The actual sender effectively hides behind a user's address by falsifying the message's routing information, making it appear to come from the legitimate user's account.


However, any replies to a spoofed e-mail go directly to the legitimate e-mail account (not to the sender who spoofed the e-mail), causing embarrassment and inconvenience. The legitimate user can find their e-mail Inbox bombarded with viruses, bounced e-mail and flame e-mails, and in some cases can have their account suspended or shut down by their Internet Service Provider (ISP) for violating its anti-spam policy.


Meanwhile, the sender avoids all of these consequences, leaving innocent users to deal with the aftermath.


How to tell a spoofed e-mail address from a legitimate e-mail address


It is extremely difficult to detect a spoofed e-mail address at first glance. It is possible to identify a spoofed e-mail by carefully analyzing its e-mail headers, but generally, spoofed e-mail is not immediately detected as such.
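The header analysis mentioned above, as an added example that is not part of the original article: it compares the visible From domain with the Return-Path and Reply-To domains and reads the SPF, DKIM and DMARC verdicts recorded by the receiving mail server. The sample message, its domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From claims a bank, but the envelope
# sender, the reply address and the receiving server's checks disagree.
SAMPLE = """\
Return-Path: <bulk@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.7])
 by mx.recipient.example with ESMTP; Mon, 01 Jan 2024 10:00:00 +0000
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=bank.example
From: "Your Bank" <security@bank.example>
Reply-To: <help@collect.example.org>
To: <user@recipient.example>
Subject: Your money has been refunded

Please update your personal information.
"""

def domain_of(value):
    """Return the lower-cased domain of an address header, or ''."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower()

def spoofing_indicators(raw):
    """List header inconsistencies that suggest a forged From address."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[header])
        if dom and dom != from_dom:
            findings.append(f"{header} domain {dom} differs from From domain {from_dom}")
    # Authentication-Results is written by the receiving server; unfold it first.
    results = " ".join(" ".join(msg.get_all("Authentication-Results", [])).split())
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", results)
        verdict = m.group(1).lower() if m else "missing"
        if verdict != "pass":
            findings.append(f"{mech} result is {verdict}")
    return findings

if __name__ == "__main__":
    for line in spoofing_indicators(SAMPLE):
        print(line)
```

A Return-Path or Reply-To mismatch on its own is common with legitimate bulk-mail services, so treat it as a prompt to look closer rather than proof. Only trust an Authentication-Results header added by your own mail provider, since headers further down the message can be written by the sender.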


There are several things to look out for regarding potentially spoofed e-mail addresses:


Typically, spoofed e-mails will appear to come from a legitimate source, and it is often only the content of the e-mail itself that can give the spoofer away. Banks and other financial organizations do not request personal information via e-mail - that is one of the most important things you can remember regarding all e-mail fraud (spoofing, spamming and phishing included).


Like spammers, spoofers use various ploys to trick users into opening their e-mails, from placing "Dear friend" or "Remember me" in the subject line (implying that the e-mail is from someone the user knows) to more generic subjects like "Your money has been refunded" or "About your Web site."


Be wary of e-mail that appears to be from a legitimate source (like your bank) that asks you to update your personal information - it is almost certainly a phishing attempt and the official looking e-mail address will be spoofed.


How to tell if your e-mail address is being spoofed


You receive (sometimes angry) replies to e-mail you know you did not send.

You receive multiple bounced e-mails that you know you did not send.

Your ISP challenges you about violating its anti-spam policy.

What to do if you think you have received a spoofed e-mail or your e-mail address is being spoofed


Do not respond to a spoofed e-mail to complain, because it will only arrive in your own e-mail Inbox.

Send a copy of the spoofed e-mail to the spoofed e-mail sender's ISP. The e-mail address for this is usually or but if you are not sure, visit their ISP's Web site and search for the information - it will be there.

Send a copy of the spoofed e-mail you received to your ISP's abuse desk. The e-mail address for this is usually or but if you are not sure, visit your ISP's Web site and search for the information - it will be there.

Include full e-mail headers when you file a spoofing report. Find out how to read e-mail headers here.

Further assistance can also be obtained by contacting our organization via our contact form.

Basic safety tips for preventing e-mail spoofing:


Use more than one e-mail address: one for personal e-mail and the other for mandatory fields in online forms and access areas.

Make your e-mail address difficult to guess. Spoofers will use every name combination they can find to send spam (known as "dictionary attacks"), so, although unattractive and possibly difficult to remember, might attract less spam than Generic e-mail addresses like will always attract spoofing, unfortunately.


Never post your real e-mail address anywhere online, such as newsgroups, online chat and online profiles.

Use a "throwaway" e-mail address or disguise your e-mail address so that harvester bots cannot read it. Always check the privacy policy of any Web site that requests personal details, such as e-mail addresses. If the Web site is requesting this type of information and either does not provide an option to opt out or does not have a privacy policy, it is not wise to submit your information.

When you are responding via a Web site form, read it thoroughly. Web sites that do include an opt-out option usually require you to check a box to say that you agree to be sent e-mail (either from them or their associates). However, some of them ask that you uncheck a pre-checked box in order not to be sent e-mail, and many consumers have fallen foul of that.

Never open e-mail or download attachments from anyone if you are not expecting them, and if you must open an attachment, always virus scan it first.

Keep your operating system, anti-virus, anti-spyware and firewall software up to date.

Use any spam filters available by default from your ISP.
