
Most scam emails show the name of the sender, but this is simply typed in by the sender so it can be anything. I can send out emails and name myself as the King of Norway if I want to.

However, usually the sender’s email address also shows so people would realise I’m not actually the King of Norway.

For example, a scammer's message claims to be from “South Eastern Electricity” but the sender's email address does not match the company.

These are a giveaway that the message is fake.

However, clever scammers can ‘spoof’ the sender’s email address and make it appear to be anything they choose.

This is how you get scam messages apparently from well-known senders such as Barclays Bank, but they are fakes.

Email Spoofing

This refers to sending an email message from one source, but making it appear to have come from a different source. This does not mean that your email account was compromised. It means that the sender has fooled the mail client into believing the email originated from a different address.

This is done by forging the sender information in the email headers. It is possible to send a message that appears to be from anyone and with whatever content the sender wants it to have.

Malicious emails can damage your computer or your ability to work on it.

For example, spoofed e-mail may claim to be from someone in a position of authority, asking for sensitive data, such as passwords, credit card numbers, or other personal information — any of which can be used for a variety of criminal purposes.

Protect Yourself Against Email Spoofing

Do not click links in suspicious emails without checking where the link goes: hover the cursor over the link to see its real destination, and if that differs from what appears on screen, do not click it. Delete the message.

Do not download documents, programmes or anything else unless you are totally sure that it is safe to do so.

The Technology of Spoofing

A scammer needs an email server running SMTP – the standard, freely available technology for sending emails, which can run even on an ordinary PC. Many SMTP email packages let you set the ‘from’ address to anything.

The Technical Answer to Spoofing

There are a variety of technical answers, but the most practical one seems to be Sender Policy Framework (SPF).

Sender Policy Framework is a simple email-validation protocol designed to detect email spoofing. It gives receiving mail exchangers a way to check that incoming mail from a domain comes from a host authorised by that domain's administrators, i.e. that it has come from where it claims to be from.

The list of authorised sending hosts for a domain is published in the Domain Name System (DNS) records for that domain in the form of a specially formatted TXT record. Email spam and phishing often use forged "from" addresses, so publishing and checking SPF records can be considered anti-spam techniques.

If a domain publishes an SPF record, spammers and phishers are less likely to forge e-mails pretending to be from that domain, because the forged e-mails are more likely to be caught in spam filters which check the SPF record.

The difficulty with SPF is that it is useless unless email receivers actually check the SPF records.
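To show what a receiving server's SPF check actually does, here is an added example in Python (not code from this article or from any SPF product). It evaluates a sender's IP address against a domain's SPF TXT record, handling the ip4, ip6, include and all mechanisms; the DNS records are constructed stand-ins for real lookups, and the domain names and addresses are made up.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups (domain -> SPF record).
# A real check queries DNS; these records and domains are invented.
FAKE_DNS_TXT = {
    "example-bank.test": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailer.test -all",
    "_spf.mailer.test": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "softfail.test": "v=spf1 ip4:192.0.2.1 ~all",
    "noall.test": "v=spf1 ip4:192.0.2.1",
}

# Qualifier prefix -> SPF result when the mechanism matches
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, lookup=FAKE_DNS_TXT.get, depth=0):
    """Return the SPF result for sender_ip sending mail as @domain.

    Covers ip4/ip6/include/all, i.e. the published list of authorised
    sending hosts. Mechanisms needing further DNS work (a, mx, exists)
    and modifiers (redirect=) are reported as 'permerror' here.
    """
    if depth > 10:                      # RFC 7208 caps include depth
        return "permerror"
    record = lookup(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"                   # domain publishes no SPF record
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"                 # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "include":
            # include matches only if the referenced record yields pass
            matched = check_spf(arg, sender_ip, lookup, depth + 1) == "pass"
        elif name == "all":
            matched = True
        else:
            return "permerror"
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                    # nothing matched and no 'all' term
```

A receiver typically rejects or quarantines mail on "fail", treats "softfail" as a spam signal, and gains nothing from "none", which is why the record only helps when receivers check it.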

How can I protect myself from being spoofed?

Learn to read email message headers and check domain names and IP addresses. Nearly all email programs will let you hover your mouse over an email address (or a link in an email). What pops up should be identical to what you are hovering over. If it is something different, then it is probably spam or phishing for information.

