What is Domain spoofing?
Domain spoofing is a phishing attack where cybercriminals use a fake version of a legitimate email address to scam users. Unlike display name or close cousin spoofing, domain name spoofing replicates the legitimate email address exactly. This form of email spoofing is less common because of Sender Policy Framework (SPF) and Domain Keys Identified Mail (DKIM). Once SPF and DKIM are incorporated into DNS settings, they prevent unauthorized use of domain names for spoofing attacks.
How to prevent Domain spoofing
Though some spoofing attacks are extremely hard to detect, many are easy to spot, and user awareness training can empower your employees to make a difference.
DMARC is the standard in spoofing protection, but it’s limited to blocking exact domain spoofing and doesn’t have an answer for cousin domains and display name spoofing. Despite its limitations, DMARC is effective at stopping certain types of spoofed emails and protecting your own domain’s reputation.
Ultimately, DMARC should be layered with other anti-spoofing technologies that use artificial intelligence, including machine learning and natural language processing, to block phishing and spear phishing emails.
Finally, advanced email security solutions can quickly analyze inbound emails for signs of email spoofing and other anomalies. Vade for M365 analyzes email headers to determine if the display name and email address are consistent with the company’s entity model. It also adds an SPF-like layer into the email filtering process that spots unauthorized use of legitimate domain names and cousin domains.
Vade for M365 is powered by a collaborative AI engine that continuously learns from an alliance of more than 1.4 billion protected mailboxes, millions of daily user reports, and a team of cybersecurity analysts. Combining AI-powered email security and integrated features that are made for MSPs, you’ll save time, reduce admin workload, and get more ROI from cybersecurity.