[ plain english guide ]

What is email spoofing?

Spoofing is when someone sends an email that looks like it came from your domain, even though you did not send it.

Diagnostic shield stopping a forged email route before it reaches an inbox

[ the simple version ]

The dangerous part is the name.

People trust names they recognize. A spoofed message abuses that trust by putting a familiar business, coworker, vendor, or customer in the sender line.

The attacker may not have your password. They may not be inside your mailbox. They are trying to make the message look believable enough for someone else to click, pay, reply, or share a file.

The name looks familiar

The sender name says your company, your bank, or a person your customer already trusts.

The request feels routine

The message asks for a payment, a password reset, a file, or a quick approval.

The timing adds pressure

The email lands during a busy moment, when people are less likely to inspect the address.

The inbox has to decide

If your domain has weak protection, the receiving inbox may have less proof that the message is fake.

A spoofed email can look routine

Attackers often pair a familiar sender name with an ordinary attachment. The goal is not to look dramatic. It is to look normal enough for someone to click.

Synthetic email example fake sample
From
Workplace Services <avery@example-company.test>
To
Avery Lee <avery@example-company.test>
Subject
Notice of importance: Work email will be deactivated
Date
Monday, April 20, 2026 at 8:09 AM

One attachment

Notice_Of_Deactivation.eml

8.7 KB

This example is fake. It mirrors the pattern, not a real sender or domain.

Self-sent appearance

The visible From and To addresses use the same mailbox, which can make the message feel internal.

Urgent account threat

Deactivation, storage, payroll, and security warnings are designed to make people open first and verify later.

Attachment carries the lure

The first email can stay short because the real phishing link or fake message is inside the attached file.

Attachments do not automatically mean spoofing.

The spoofing part is the forged sender identity. The attachment is often the delivery method for the scam.

.eml / .msg

Nested email phishing

An attached email contains the real lure, often a fake Microsoft or Google sign-in page.

.pdf

Fake secure document

A PDF claims to be an invoice, scan, contract, or tax notice and sends the reader to a link or QR code.

.html / .htm

Attached login page

The attacker sends the fake sign-in page as a file so the first email contains fewer obvious links.

.zip / .rar

Compressed payload

An archive hides scripts, shortcuts, or malware behind a routine-looking document name.

[ how protection works ]

Inboxes look for proof.

Your domain can publish instructions that help inboxes spot fake mail. The names are technical, but the questions are simple.

SPF

Who is allowed to send?

This record lists the services that can send mail for your domain, such as Google Workspace, Microsoft 365, or a help desk.

DKIM

Was the message signed?

This signature helps inboxes confirm that an approved service sent the message and that it was not changed along the way.

DMARC

What should inboxes do?

This policy tells inboxes what to do when a message claims your domain but fails the sender checks.

How Inbox Vital helps

Inbox Vital checks your domain, explains what is weak, and keeps watching for changes. You get the plain readout, not a wall of record syntax.

Scan my domain

Questions people ask first

Is spoofing the same as hacking my mailbox?

No. A spoofed email can pretend to be from you without the attacker logging into your account. Account takeover is still serious, but it is a different problem.

Can spoofing be stopped completely?

You can make it much harder for inboxes to accept fake messages from your domain. The usual path is a clean sender list, valid signatures, and a policy that tells inboxes to reject failures.

Do I need to understand DNS records?

No. Someone has to change the records, but you do not need to read the syntax to understand the risk or the fix.

Why scan again if this was fixed once?

Email setups change. A new newsletter tool, help desk, CRM, or domain host update can weaken protection later. Monitoring catches drift before customers have to notice it.

[ start here ]

Check whether your domain can be spoofed.

Run a scan, see the weak spots in plain English, and keep your domain watched as your email setup changes.