What is Domain spoofing?

This article will explore how domain spoofing works, the risks associated with it, and the best practices for preventing attacks so that your organisation stays protected from phishing and email fraud.

Table of Contents

• What is Domain spoofing?
• How to prevent Domain spoofing

What is Domain spoofing?

Domain spoofing is a phishing attack where cybercriminals use a fake version of a legitimate email address to scam users. Unlike display name or close cousin spoofing, domain name spoofing replicates the legitimate email address exactly. This form of email spoofing is less common because of Sender Policy Framework (SPF) and Domain Keys Identified Mail (DKIM). Once SPF and DKIM are incorporated into DNS settings, they prevent unauthorized use of domain names for spoofing attacks.

How to prevent Domain spoofing

Though some spoofing attacks are extremely hard to detect, many are easy to spot, and user awareness training can empower your employees to make a difference.

DMARC is the standard in spoofing protection, but it’s limited to blocking exact domain spoofing and doesn’t have an answer for cousin domains and display name spoofing. Despite its limitations, DMARC is effective at stopping certain types of spoofed emails and protecting your own domain’s reputation.

Ultimately, DMARC should be layered with other anti-spoofing technologies that use artificial intelligence, including machine learning and natural language processing, to block phishing and spear phishing emails. 

Finally, advanced email security solutions can quickly analyze inbound emails for signs of email spoofing and other anomalies. Hornetsecurity’s 365 Total Protection analyzes email headers to determine if the display name and email address are consistent with the company’s entity model. It also adds an SPF-like layer into the email filtering process that spots unauthorized use of legitimate domain names and cousin domains.