What is email spoofing?
Email spoofing is the forging of an email's sender address so a message appears to come from a trusted person or brand. It's a core technique behind phishing and business email compromise, exploiting the fact that email wasn't built to verify who sent it.
How email spoofing works
Standard email lets a sender set the 'From' address freely, so attackers can make a message look like it came from your bank, your colleague or your CEO. The display name and address can both be faked.
Spoofing is most convincing when a domain lacks proper authentication, letting forged mail reach inboxes without obvious warnings.
Defending against spoofing
Email authentication standards — SPF, DKIM and DMARC — let receiving servers verify that mail really came from your domain and reject forgeries. Combined with user awareness, they sharply reduce successful spoofing.
How to prevent email spoofing
- Implement SPF, DKIM and DMARC on your domains.
- Check the real sender address, not just the display name.
- Verify unusual requests through a second, known channel.
- Train people to report suspicious 'internal' emails.
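The sender checks in the list above, together with the DMARC verdict a receiving server records, can be automated. The following is an added example, not HookPhish code: the sample messages and every `.test` domain are constructed, and the Authentication-Results header is assumed to have been written by your own receiving server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); all domains are placeholders.
SPOOFED = (
    'From: "support@examplebank.test" <billing@mail-notify.test>\n'
    "Reply-To: collect@other-host.test\n"
    "Authentication-Results: mx.receiver.test; spf=pass smtp.mailfrom=bulk-sender.test;"
    " dkim=none; dmarc=fail header.from=mail-notify.test\n"
    "Subject: Urgent: verify your account\n\nbody\n"
)
LEGIT = (
    "From: Accounts Team <accounts@examplebank.test>\n"
    "Authentication-Results: mx.receiver.test; spf=pass smtp.mailfrom=examplebank.test;"
    " dkim=pass header.d=examplebank.test; dmarc=pass header.from=examplebank.test\n"
    "Subject: Statement\n\nbody\n"
)

def domain_of(address: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def spoofing_signals(raw_message: str) -> list[str]:
    """Return human-readable warnings for one raw message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    from_domain = domain_of(address)
    signals = []
    # 1. Display name shows an address on a different domain than the real sender.
    for shown in re.findall(r"[\w.+-]+@[\w.-]+", display):
        if domain_of(shown) != from_domain:
            signals.append(f"display name shows {shown} but sender is {address}")
    # 2. Replies would go to a different domain than the visible sender.
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        signals.append(f"Reply-To domain {reply_domain} differs from {from_domain}")
    # 3. DMARC verdict recorded on receipt. Assumption: the header was added by
    #    your own mail server; a copy supplied by the sender proves nothing.
    auth = msg.get("Authentication-Results", "")
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    if results.get("dmarc") != "pass":
        signals.append(f"DMARC result is {results.get('dmarc', 'missing')}")
    return signals

if __name__ == "__main__":
    for warning in spoofing_signals(SPOOFED):
        print("WARNING:", warning)
```

In the constructed spoofed message SPF passes for an unrelated envelope domain, which is why the DMARC result, not SPF alone, is the value to check.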
How HookPhish helps
HookPhish adds a human-aware layer to email threats: it helps people spot and report spoofed messages, and trains them on the impersonation tactics spoofing enables.
Frequently asked questions
Why is email spoofing possible?
The original email protocols don't verify the sender, so the 'From' address can be forged unless authentication like SPF, DKIM and DMARC is in place.
How do I stop email spoofing of my domain?
Configure SPF, DKIM and DMARC so receiving servers can verify and reject forged mail claiming to be from you.
How do I spot a spoofed email?
Check the actual sender address, watch for mismatches and urgency, and verify unusual requests through another channel before acting.