What is Email Spoofing and How to Avoid Being Spoofed


It is undeniable that communication today keeps getting faster and reaching more people. The technology driving this change is electronic mail, better known as e-mail. Today there are several hundred million email accounts out there, and they are all at risk from email spoofing.

How to prevent being spoofed

What is Email Spoofing?

As Wikipedia defines it, "email spoofing" is the creation of email messages with a "forged sender address" - something which is simple to do because the core protocols do no authentication. Spam and phishing emails typically use such spoofing to mislead the recipient about the origin of the message.

Thus, email spoofing simply means sending a message with a fake or made-up sender address in order to mislead the receiver about who actually sent it.

Have you ever received a suspicious email message from someone you know and doubted whether that person really sent it? This has already happened to several people, and it caused them to panic because they thought that their email account or their recipient's email account was compromised.

How Do they Spoof Emails?

There are several ways a spammer is able to spoof an email account. Brilliant programmers have misused their bright minds by developing software tools that allow them to send emails with a variable sender email account.

If you are used to sending and receiving emails using a web-based account like Yahoo Mail, Gmail or Hotmail, you might have noticed that you need to be signed in before you can send an email; thus, you cannot change the "sender email address" when you send a message.

If you have used an email program like MS Outlook 2007, 2010 or other versions, or Thunderbird and other email programs, the pattern is the same. You need to add an email account to the email program and verify your ownership by providing the password and server information before you can send and receive emails. Therefore, when sending an email, you cannot change the "sender email address".

So how do these spammers do the spoofing?

Simple. They use the tools they developed to send emails in which the sender email information is variable - it can be filled in with any email address.

There are several websites today that offer the same spoofing experience. Yes, you can try it yourself and see that it really works - sending an email with "any" sender email address. Here are a few websites that you can try:


  1. Type your receiver's email address
  2. Type a sender's address of your choice
  3. Type the subject
  4. Type your message
  5. Enter the security code to prove you are a human being
  6. Send email

Sending an anonymous email


  1. Pick any sender email address including a selection of domain names
  2. Click Compose tab
  3. Enter your message
  4. Send email

Sending anonymous email using Guerrilla Mail


  1. Enter your preferred sender email address
  2. Enter the receiver's email address
  3. Type the subject
  4. Type your message
  5. Attach any file
  6. Enter the captcha code
  7. Send email

There are still several websites doing the same thing - sending an email message with a variable sender address.
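Because the sender address is only text that the sending tool fills in, a recipient can compare it with other headers of a suspicious message. The Python example below is added here and is not part of the original article; the Return-Path and Reply-To comparison, the function names and the sample message are assumptions chosen for illustration, and the sample is constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not real mail): the visible From names a friend, but the
# envelope sender the receiving server recorded in Return-Path is unrelated.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: "Alice Friend" <alice@example.com>
Reply-To: someone.else@example.net
To: you@example.org
Subject: Check this out

Hi, have a look at this.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_signals(raw_message):
    """Return reasons the visible From address deserves a closer look.

    A mismatch is a hint, not proof: mailing lists and bulk-mail services
    also send with an envelope sender that differs from the From header.
    """
    msg = message_from_string(raw_message)
    from_headers = msg.get_all("From", [])
    if len(from_headers) != 1:
        return [f"expected exactly one From header, found {len(from_headers)}"]
    from_dom = domain_of(from_headers[0])
    if not from_dom:
        return ["From header carries no usable address"]
    signals = []
    for name, label in (("Return-Path", "envelope sender"),
                        ("Reply-To", "reply address")):
        dom = domain_of(msg.get(name, ""))
        if dom and dom != from_dom:
            signals.append(f"{label} domain {dom} differs from From domain {from_dom}")
    return signals

if __name__ == "__main__":
    for reason in spoof_signals(SAMPLE):
        print("-", reason)
```

To run it on a real message, save the message source from your mail client (often called "Show original" or "View source") and pass its text to `spoof_signals`.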

What to Do when your email or your friend's email account is spoofed?

There is not much to do when your email account or your friend's email account is spoofed. The reason is that the email account is NOT hacked or compromised, so there is not much security risk.

However, to ensure your account security, I highly recommend changing your email password and choosing a stronger password this time. A "strong" password simply means a longer password that combines capital letters, lowercase letters, numbers and punctuation marks. For procedures on how to test your password strength, click on this link:

Using Strong Password for Account Security

How to Avoid Being Spoofed?

This is the heart of the matter. We cannot change the minds of those hackers and spammers so that they do not spoof our email accounts, but we can do a few things to avoid being victimized.

The biggest step you can take is to avoid posting your email address on web pages, even when these websites are legitimate. The reason is that spammers use web scraper tools to search the internet for email addresses. When your email address is picked up, they store it in their database and then start sending spam emails to you. Worse yet, the spammer will then send emails on your behalf without you knowing it.

If you are visiting a forum or a question and answer website, and you really need to post your email address in your post, it is highly recommended to break the email with spaces so that these email scraper tools will not recognize it.