Email spoofing and how to prevent it

What is email spoofing?

Email spoofing is when the sender of an email, typically a spammer, forges (spoofs) the “From” address in the email header. The email appears to be from a legitimate email address rather than the spammer’s address. The tactic can make a spam message seem more authentic: you’re more likely to open an email that purports to come from a person or a company you know than an email that comes from a total stranger.

What to look for

If you’ve received an email you suspect is a spoofed email, you should be able to see the IP address for the computer that sent the spam in the header of the email, allowing you to determine where the message came from. You can then contact that PC’s Internet service provider and have that IP address blocked. In the short term, that may stop the email spoofing and the bounced messages.

In the header of the email, you should see something like this:

Received: from [11.22.33.44] (11.22.33.44.servername.com [11.22.33.44])
 (Authenticated sender: sender@senderdomain.com)
 by something.servername.com (Postfix) with ESMTPA;
 Fri,  4 Jul 2016 19:28:23 +0000 (UTC)

This is just an example using fake information, but the key thing to note here is “Authenticated sender.” It means the message was submitted through the outgoing mail server after logging in with the email account’s username and password. If that account is yours, someone else has your login credentials. This is when you should run a complete system virus scan and change your password, as mentioned above.
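The header check described above can be scripted. The following is an added example, not HostPapa's own code: it parses the Received lines of a raw message, reports the IP address that submitted it, and flags whether the “Authenticated sender” is your own account. The sample message, the relay host names and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample (fake hosts and addresses, modelled on the header above).
SAMPLE = """\
Received: from mx.servername.com (mx.servername.com [203.0.113.7])
 by inbox.example.org (Postfix) with ESMTPS;
 Fri,  4 Jul 2016 19:28:25 +0000 (UTC)
Received: from [11.22.33.44] (11.22.33.44.servername.com [11.22.33.44])
 (Authenticated sender: sender@senderdomain.com)
 by something.servername.com (Postfix) with ESMTPA;
 Fri,  4 Jul 2016 19:28:23 +0000 (UTC)
From: sender@senderdomain.com
To: friend@example.org
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
AUTH_RE = re.compile(r"\(Authenticated sender:\s*([^)\s]+)\)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)")

def received_hops(raw):
    """Parse Received headers; return hops oldest (nearest the sender) first."""
    hops = []
    # Each server prepends its own Received line, so the last one is the oldest.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())              # unfold continuation lines
        ips = IP_RE.findall(flat.split(" by ")[0])  # client part, before "by"
        auth, by = AUTH_RE.search(flat), BY_RE.search(flat)
        hops.append({"ip": ips[-1] if ips else None,
                     "by": by.group(1) if by else None,
                     "auth_sender": auth.group(1) if auth else None})
    return hops

def check_message(raw, my_address):
    """Report the submitting IP and whether my_address's login was used."""
    hops = received_hops(raw)
    origin = hops[0] if hops else {"ip": None, "by": None, "auth_sender": None}
    auth = origin["auth_sender"]
    return {"origin_ip": origin["ip"], "submitted_to": origin["by"],
            "auth_sender": auth,
            "credentials_used": auth is not None
                                and auth.lower() == my_address.lower()}

if __name__ == "__main__":
    print(check_message(SAMPLE, "sender@senderdomain.com"))
```

Received lines written before the message reached a server you trust can themselves be forged, so treat the oldest hop as reliable only when the `by` host belongs to your own mail provider.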

How to prevent email spoofing

While there is no foolproof way to prevent email spoofing, we recommend you adopt some email security best practices:

  • Change your password frequently
  • Run full virus scans on your computer at least once a week
  • Avoid including your email address in online blogs and posts. Try using [at] and [dot]com instead of @ and .com to prevent malicious crawlers from harvesting your address.
  • Avoid using your primary email account for everything online. If you are signing up for something like a mailing list, contest, application form, or something similar, use a free throwaway email account like Hotmail, something you don’t mind deleting if it gets abused.
  • Only use your primary email to communicate with people you know or trust.

If you need help with your HostPapa account, please open a support ticket from your dashboard.
