Related terms


Email marketing platform with everything you need to design, send campaigns, and perform upmost efficient tracking



Fraudulent impersonation of a sender's identity is the act of sending messages from a fake address, pretending to be someone known to the recipient, typically large companies. One way to detect it is by checking if the reply address is different. It can be prevented by using the SPF (Sender Policy Framework) protocol.

Are your emails ending up in spam? Acrelia provides you with all the tools to avoid it. Try it now.

What types of spoofing are there?

There are many ways to carry out a spoofing attack. One of the most common ones nowadays is email spoofing (phishing). The attacker will use the email of an existing person or organization to request confidential information, send spam, or distribute deceptive and/or malicious information on a large scale.

Another form of spoofing is IP address spoofing, which is popular in DDoS attacks (disabling a server, service, or infrastructure). With this method, attackers can bypass firewall protections since they use a trusted IP address, allowing them access without issues.

Web spoofing involves intermediating between the user and the web page they intend to visit. This way, attackers can monitor their activity and keep a record of their visits, passwords, and personal information.

Another form is DNS spoofing, which involves redirecting victims from one website to another. The attacker changes the website's IP address to a fraudulent one and steals their personal data.

Finally, in ARP spoofing, the attacker infiltrates a LAN by masking their device as a member of the network. ARP spoofing is used to steal information.

How to detect email spoofing?

There are various aspects to consider when trying to detect email spoofing. For instance, if you receive an email from a company that appears authentic but comes from a free provider's address (e.g., Gmail, Outlook, Yahoo), it may be a case of impersonation. On the other hand, many companies address you by your name. If you see that the beginning of the message is too generic (e.g., "Dear customer"), be cautious.

Companies already have your data, so it's not normal for them to email you to request passwords or billing information. In such cases, be cautious as you're likely facing a case of impersonation. Furthermore, some attackers try to evade spam filters by placing malicious content in attachments. Beware of those with extensions like .HTML or .EXE, as they can install malware on your device.

Other aspects to pay attention to include spelling or grammatical errors in the email since companies typically don't make these mistakes. Also, be wary if the email content urges you to take a quick and urgent action, and lastly, check the URLs in the email content because some attackers try to deceive you into visiting spoofed versions of websites by altering a letter or the page's extension.