Go To Namecheap.com
Hero image of How to Protect Your Email Address from Spoofing
Security & Privacy

How to Protect Your Email Address from Spoofing

Hypothetically speaking, let’s say you receive an email that looks like it’s from your boss, your email service provider, maybe even your best friend. 

You’d naturally be inclined to open it, right? Think again.

When you open an email that’s crafted to look like it came from someone you trust, consider yourself “email spoofed.” Email spoofing refers to the sending of email messages with a forged “from” address. This is a common tactic that cyber scammers use to gain the trust of their victims — a.k.a., you. 

While recent studies suggest almost 30,000 email spoofing attacks each day, its ubiquitous nature does not mean it shouldn’t be taken seriously. Because cybercriminals know you’re more likely to engage with trusted email content, whether that’s clicking on a link or opening a file attached, this makes it way easier for them to pull off a successful scam. And by pretending to be someone you know or are familiar with, these scammers can ultimately trick you into handing over vital info such as your credit card details, social security information, the list goes on.

So, what do spoofers want, and how do you protect your email address from being spoofed in the future? That’s why we’re here: to impart some easy and practical ways to stay safe. 

What spoofers want

While the true intentions may vary from case to case, the perpetrator ultimately wants to do some kind of damage, such as:

  • Convincing you to send money online
  • Convincing you to provide your login/password details
  • Giving away sensitive business and personal information

In some instances, though, the intent is highly personal. Well-spoofed emails can gain access to their target’s computer data, business contacts, even their social media accounts. Ever see those Instagram stories where someone says their Instagram account was hacked? Case in point. 

Ultimately, email spoofing is disruptive and malicious by nature. And once a bad actor has fooled their recipient, they can run wild and do various damage along the way. 

Shield and envelope with password

How to combat email spoofing

  1. Use a sub-domain. If you send any emails using a subdomain, it’s way harder to spoof your email. For example, we recommend using @help.yourcompany.com instead of @yourcompany.com.
  1. Use anti-malware software. Anti-malware software can help to prevent email spoofing by identifying, then blocking, suspicious websites and detecting spoofing attacks. Once the software has identified a suspicious sender or email, it can stop the spoofed email from ever reaching your inbox. 
  1. Use email spam filters. While it’s common for email service providers to include spam filters, like Namecheap’s Jellyfish, this means you can rest a little easier knowing that any email deemed suspicious is automatically thrown into the spam folder. 
  1. Use a reverse IP lookup. To verify the real sender of the email you’ve received, use the reverse lookup tool to identify the domain name associated with the IP address. If the IP address is different from where the email supposedly came from, you’re looking at an email spoofing attack.
  1. Protect your password. Hate remembering multiple passwords for multiple accounts? Turn to Dashlane or RememBear. When a strong password just isn’t enough, consider Two-Factor Authentication. Namecheap has a few Two-Factor Authentication options for free such as U2F service, TOTP, and OneTouch (SMS)
  1. Audit your email. Domain-based Message Authentication, Reporting & Conformance (DMARC) is used to check the credentials of an email. With DMARC, it lets email senders and receivers figure out whether a message is from a legitimate sender and how to treat the email if it’s not. 

    If we’re getting technical, part of the DMARC process involves the Sender Policy Framework (SPF), which authenticates sent messages. If the sent message fails to pass the SPF test, it will fail the DMARC process and be rejected. 

    DMARC also uses the DomainKeys Identified Mail (DKIM) method for message authentication. DKIM allows you to establish greater trust by preventing spoofing emails from being sent as outgoing messages from your domain. If a sent message doesn’t pass the DKIM test, it will also fail DMARC and be rejected. 

    Are you a Namecheap DNS customer? Learn how to add SPF, DKIM, and DMARC records to your domain name

Final thoughts

In our increasingly digital world, the threat of email spoofing and phishing is all too real. 

And because emails are still the primary route for cyberattacks, one wrong click on the wrong link or attachment can lead to a whole slew of problems. 

Cybercriminals are always coming out with new ways to scam people and businesses and the most valuable currency to them is your information. Whether it’s personal or business-related, it’s crucial to do everything you can to keep it out of cybercriminals’ hands. 

Learn more today about social engineering, how social engineering works on social media, and how to protect your online business from fraud

Have you been email spoofed? Let us know about your experience in the comments below. 

Was this article helpful?
Get the latest news and deals Sign up for email updates covering blogs, offers, and lots more.
I'd like to receive:

Your data is kept safe and private in line with our values and the GDPR.

Check your inbox

We’ve sent you a confirmation email to check we 100% have the right address.

Help us blog better

What would you like us to write more about?

Thank you for your help

We are working hard to bring your suggestions to life.

Erin Huebscher avatar

Erin Huebscher

As a born-and-bred American who now resides in Germany, Erin brings her love of digital storytelling to Namecheap. With nearly 10 years of international copywriting experience from her time in Stockholm, Sweden, and an MA in Creative Writing, she has a penchant for all things fashion, film, food, and travel. More articles written by Erin.

More articles like this
Get the latest news and deals Sign up for email updates covering blogs, offers, and lots more.
I'd like to receive:

Your data is kept safe and private in line with our values and the GDPR.

Check your inbox

We’ve sent you a confirmation email to check we 100% have the right address.

Hero image of Join Namecheap’s 21st birthday odysseyHow to Protect Your Email Address from Spoofing
Next Post

Join Namecheap’s 21st birthday odyssey

Read More