Email Spoofing



Email spoofing is a method of forging the email header so that the sender's address is changed and the receiver sees the mail as sent by a different sender than the actual one.

In the above example, it looks like the mail was sent from the Dean of IIT Goa (, but it's not. It is an example of a spoofed mail.

There are a few online services available (like this) to send such spoofed mail, or one can use the PHP / Python mail function with a modified email header.

Mail servers decide whether a given mail is spam or not based on various factors like the content of the mail, the sender's email address, and a few others.

The main criterion is validating whether the mail really came from the email id it claims to have been sent from.

To validate this, SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting, and Conformance) DNS records are used.

(I won't go into depth how it works)


Let's consider the scenario: we have three websites to test.

Website | SPF Record | DMARC Record
------- | ---------- | ------------
        | Not Present | Not Present
IIT H   | v=spf1 ip4: ip4: ip4: ip4: ~all | Not Present
IIT B   | v=spf1 ~all | v=DMARC1; p=quarantine; pct=100;

Now, send spoofed mail from all of these domains and let's see how Gmail reacts to it. (Check the full email header.)

Website | Response | SPF Status | DMARC Status
------- | -------- | ---------- | ------------
        | Inbox without warning | - | -
IIT H   | Inbox with warning | SOFTFAIL | -
IIT B   | Spam with critical warning | SOFTFAIL | FAIL
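As an added example (not code from the original post), the following Python reproduces the receiving-side decision the results table shows: it parses SPF and DMARC records in the format quoted above and classifies a message whose sending IP is not authorised. The sender IPs and the `ip4:` addresses are constructed placeholders, and DKIM, other SPF mechanisms and alignment rules are deliberately not modelled.

```python
"""Simplified receiver-side SPF/DMARC evaluation for the three test cases.

Constructed example: only the 'ip4:' mechanism and the 'all' qualifier of
SPF and the 'p=' tag of DMARC are handled; DKIM is not modelled.
"""
import ipaddress


def spf_result(record, sender_ip):
    """Return 'NONE', 'PASS', 'SOFTFAIL', 'FAIL' or 'NEUTRAL' for an SPF record."""
    if not record:
        return "NONE"                         # no SPF record published
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:           # skip the 'v=spf1' version tag
        if term.startswith("ip4:"):
            net = term[4:]
            if "/" not in net:
                net += "/32"                  # a bare address means a single host
            if ip in ipaddress.ip_network(net, strict=False):
                return "PASS"
        elif term.endswith("all"):
            # '~all' -> SOFTFAIL, '-all' -> FAIL, '+all' or 'all' -> PASS
            return {"~": "SOFTFAIL", "-": "FAIL"}.get(term[0], "PASS")
    return "NEUTRAL"


def dmarc_policy(record):
    """Return the p= tag of a DMARC record, or None when no record is published."""
    if not record:
        return None
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    return tags.get("p")


def classify(spf_record, dmarc_record, sender_ip):
    """Map SPF/DMARC results to the three verdicts in the results table."""
    spf = spf_result(spf_record, sender_ip)
    policy = dmarc_policy(dmarc_record)
    # Without DKIM, DMARC passes only when SPF passes; None means no DMARC record.
    dmarc = None if policy is None else ("PASS" if spf == "PASS" else "FAIL")
    if dmarc == "FAIL" and policy in ("quarantine", "reject"):
        verdict = "Spam with critical warning"
    elif spf in ("SOFTFAIL", "FAIL"):
        verdict = "Inbox with warning"
    else:
        verdict = "Inbox without warning"
    return verdict, spf, dmarc
```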


  • An attacker can launch a phishing campaign with a fake mail id like
  • An attacker can use fake mail ids to carry out social engineering attacks.


  • Add an SPF record starting with "v=spf1" to the DNS zone file.
  • Add a DMARC record to the DNS zone file.