Email spoofing is the forgery of an email header so that a message appears to originate from someone or somewhere other than the actual source. Because SMTP does not require authentication, a sender can set any “From” address, whether fictitious or stolen.
Why Spoofed Email is Dangerous
- Tricks users into changing passwords or sending sensitive files, for example by impersonating IT admins.
- Facilitates social engineering by impersonating people in authority.
- If your address is used as the return address for spam, your domain may be added to blocklists.
Prevention Guidance
- Cryptographic Signatures: Use PGP or S/MIME to digitally sign and authenticate email.
- SMTP Port Lockdown: Prevent direct external SMTP connections to your mail server.
- SMTP-AUTH: Require authentication for all outbound relay.
- Centralised Logging: Route all inbound SMTP through a single hub for unified log analysis.
- User Education: Train users to never disclose passwords via email regardless of sender identity.
- Domain Name Checks: Have the recipient server verify that the source domain exists and check its SPF record.
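
The SPF check from the last item, sketched as a receiving server would apply it to the connecting IP. This is an added example, not code from the original page; `check_spf`, `SAMPLE_TXT` and the domains in it are hypothetical, and a dictionary stands in for DNS TXT lookups so the code runs offline. Only the `ip4`, `ip6`, `include` and `all` mechanisms are modelled.

```python
import ipaddress

# Qualifier prefix -> SPF result name
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample TXT data (documentation address ranges, not real policies)
SAMPLE_TXT = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example -all"],
    "_spf.mailer.example": ["v=spf1 ip4:198.51.100.25 ~all"],
    "nospf.example": ["some unrelated TXT record"],
}

def check_spf(sender_ip, domain, txt_records, depth=0):
    """Return the SPF result for sender_ip under the policy of domain."""
    if depth > 10:                      # bounded recursion stops include loops
        return "permerror"
    policies = [t for t in txt_records.get(domain, [])
                if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]
    if not policies:
        return "none"                   # domain publishes no SPF policy
    if len(policies) > 1:
        return "permerror"              # more than one SPF record is invalid
    ip = ipaddress.ip_address(sender_ip)
    for term in policies[0].split()[1:]:
        qualifier = "+"                 # default qualifier when none is given
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":               # matches every sender
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif name == "include":         # matches only if the inner policy passes
            inner = check_spf(sender_ip, value, txt_records, depth + 1)
            if inner == "pass":
                return QUALIFIERS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"
        else:                           # a, mx, exists, redirect=... need live DNS
            raise NotImplementedError(f"term not modelled: {term}")
    return "neutral"                    # no term matched and no 'all' present
```

SPF is evaluated against the envelope sender (MAIL FROM) domain, so a `pass` here does not by itself confirm the “From” header the recipient sees.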