Email spoofing

Email spoofing is the creation of email messages with a forged sender address.[1] The term applies to email purporting to be from an address which is not actually the sender's; mail sent in reply to that address may bounce or be delivered to an unrelated party whose identity has been faked. Disposable email address or "masked" email is a different topic, providing a masked email address that is not the user's normal address, which is not disclosed (for example, so that it cannot be harvested), but forwards mail sent to it to the user's real address.[2]

Part of a series on
Information security
Related security categories
Computer security Automotive security Cybercrime Cybersex trafficking Computer fraud Cybergeddon Cyberterrorism Cyberwarfare Electronic warfare Information warfare Internet security Mobile security Network security Copy protection Digital rights management
Threats
Adware Advanced persistent threat Arbitrary code execution Backdoors Hardware backdoors Code injection Crimeware Cross-site scripting Cryptojacking malware Botnets Data breach Drive-by download Browser helper objects Viruses Data scraping Denial of service Eavesdropping Email fraud Email spoofing Exploits Keyloggers Logic bombs Time bombs Fork bombs Zip bombs Fraudulent dialers Malware Payload Phishing Polymorphic engine Privilege escalation Ransomware Rootkits Bootkits Scareware Shellcode Spamming Social engineering Screen scraping Spyware Software bugs Trojan horses Hardware Trojans Remote access trojans Vulnerability Web shells Wiper Worms SQL injection Rogue security software Zombie
Defenses
Application security Secure coding Secure by default Secure by design Misuse case Computer access control Authentication Multi-factor authentication Authorization Computer security software Antivirus software Security-focused operating system Data-centric security Code obfuscation Data masking Encryption Firewall Intrusion detection system Host-based intrusion detection system (HIDS) Anomaly detection Security information and event management (SIEM) Mobile secure gateway Runtime application self-protection
v t e

The original transmission protocols used for email do not have built-in authentication methods: this deficiency allows spam and phishing emails to use spoofing in order to mislead the recipient. More recent countermeasures have made such spoofing from internet sources more difficult but not eliminated it; few internal networks have defenses against a spoof email from a colleague's compromised computer on that network. Individuals and businesses deceived by spoof emails may suffer significant financial losses; in particular, spoofed emails are often used to infect computers with ransomware.