What is E-Mail Spoofing?

E-mail spoofing is the act of making an E-mail appear as if it were sent from a specific person (or address). SPAM and phishing E-mails often use such spoofing to mislead the recipient about the origin of the message.

Most E-mail providers require authentication (a username and a password) in order to connect to the server and send a communication. Mail servers that do not require a username or password can be used to spoof E-mails.

What can be done?
As more people abuse a mail server that can be used to spoof E-mails, it will become blacklisted more often or permanently. If blacklisted permanently, the owner of the mail server will be forced to require a username and password to send mail in order to be removed from the blacklists or simply shut down the mail server altogether because of all the blacklisting.

There are not many open mail servers that do not require a username or password. Open mail servers do not usually stay open for long. Offending mail servers should be reported to blacklists until the owner of the mail server shuts down the server or requires authentication and restricts persons abusing the mail service from sending mail.

Sender Policy Framework (SPF)
Sender Policy Framework (SPF) is a validation system that detects E-Mail spoofing. It allows receiving mail exchangers to verify if the host sending the communications is authorised by the administrators of the domain.
