Email spoofing is a common fraud technique used to trick users into believing an email originated from a known contact or company when it really originated from the spammer's mail server.
Spoofing is used as a means of phishing, whether to promote services, collect sensitive data or harvest a bounty. In some cases the spammer not only forges the sender address but also takes advantage of the company brand or email signature.
Unfortunately, it's difficult for inexperienced users to identify whether an email is genuine, making it easy to misjudge an email's authenticity. To check where an email really came from, you have to carefully inspect its headers.
Spoofing is possible because outgoing mail servers cannot verify whether a sender address is authentic. Unfortunately, it's as simple as configuring an email address as the sender address in a script or application.
Thankfully, you can secure your domain from unauthenticated use by implementing a DMARC policy. A DMARC policy tells receiving mail servers how to handle emails sent using your domain without correct authentication. For a more in-depth understanding of email authentication and guidance on implementing a DMARC policy, please read our email authentication guide.
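The header inspection and DMARC verdict described above can be checked programmatically. The following is an added example, not code from this guide: it reads the standard `From`, `Return-Path` and `Authentication-Results` headers from a constructed sample message. The function names are hypothetical and the exact-match domain comparison is a simplification.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real mail): the visible From claims
# example.com, but the envelope sender and the receiver's checks disagree.
SAMPLE = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=mailer.invalid;
 dkim=none; dmarc=fail header.from=example.com
From: "Example Billing" <billing@example.com>
To: user@receiver.example
Subject: Invoice overdue

Please pay now.
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def inspect_headers(raw):
    """Collect the fields worth comparing when judging a message's origin."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    rpath_dom = domain_of(msg["Return-Path"])
    # Only trust Authentication-Results added by your own receiving server;
    # a sender can insert a forged copy further down the header block.
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            results.setdefault(method.lower(), verdict.lower())
    findings = []
    # A mismatch is a signal to look closer, not proof: legitimate bulk
    # senders often use a separate bounce domain.
    if rpath_dom and rpath_dom != from_dom:
        findings.append(f"Return-Path domain {rpath_dom} differs from From domain {from_dom}")
    if results.get("dmarc") != "pass":
        findings.append(f"DMARC result is {results.get('dmarc', 'missing')}")
    return {"from": from_dom, "return_path": rpath_dom, "auth": results, "findings": findings}

if __name__ == "__main__":
    report = inspect_headers(SAMPLE)
    print(report["auth"])
    for line in report["findings"]:
        print("WARNING:", line)
```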
Another method of spoofing is abusing website forms to send spam content. This can be resolved simply by adding a CAPTCHA or honeypot to all forms on your website.
If you're struggling with spoofing and would like further advice on securing your domain, please contact our support team at firstname.lastname@example.org and we'll be glad to provide case-specific recommendations.