Differences

This shows you the differences between two versions of the page.

--- faq:email:prevent-email-being-spoofed [2025/03/10 11:47] – vikki
+++ faq:email:prevent-email-being-spoofed [2025/03/10 13:59] (current) – [How to prevent email being spoofed?] vikki
@@ Line 3: / Line 3: @@
 ====== How to prevent email being spoofed? ======
-|<fc #ff0000>**Note:**</fc> The "Allow spoof email" option has been deprecated following [[https://lookafter.com/blog/spf-policy-update-2025-03-10/|our SPF policy update in March 2025]], as part of our efforts to enhance email security and prevent spoofing attacks.|
+Email spoofing occurs when someone sends an email pretending to be a trusted sender — such as a customer, coworker, manager, or even yourself. These emails may look legitimate but are actually sent by cybercriminals attempting to deceive recipients. Their goal could be to trick you into transferring money, downloading malware-infected attachments that compromise your network, or providing personal information for fraudulent use.
-Email spoofing is when someone sends an email pretending to be someone they are not. Such email appears to be originated from a trusted sender - such as customers, coworkers or managers, or even yourself - but they are actually sent from cyber-criminals, who would trick you into transferring money to them, downloading an attachment with malware that could infect to your entire network, providing them your personal information for fraudulent purposes, and more.
+To protect your emails, our system implements security measures that identify and manage spoofed messages:
+  * Hardfail Spoofed Emails: Emails that fail authentication checks definitively will be rejected outright.
+  * Softfail Spoofed Emails: Emails that partially fail authentication will be marked as spam, allowing you to review them with caution.
-While there is no fool-proof way to prevent abuse to your email address, here are several practices that you can adopt when it comes to securing your email address:
+To further secure your domain and email communication, follow these best practices:
-  * Set the "Allow spoof email" settings to **No** in your SMTP Settings. You can find this settings by logging in to your webmail as the Avomaster or voadmin, then go to **Profile -> Admin -> SMTP settings**. Click on the **No** option. Remember to press **Update** once you have done setting. Check out: [[faq:email:disable_spoof|Disabling Spoof Mails]]
+==== 1. Make sure your SPF record is configured correctly ====
-  * Change your password frequently; use strong password that is difficult to guess. Refer to the link here to [[https://go.agnx.com/?25|change your password]].
+If you are using Lookafter email service, ensure that you are using [[faq:domain_and_web_hosting:spf-conf-domain|the correct SPF record]].\\
-  * Run full virus scans on your computer **at least** once a week.
+If you need to authorize third-party email servers to send emails on your behalf, ensure they are properly included in your SPF record to avoid authentication failures.
-  * Avoid including your email address in online blogs or posts. Try using (at) and (dot)com instead of @ and .com to prevent malicious automatons from harvesting your address. E.g. instead of using an email of user401@domain.com, we type it as user401(at)domain(dot)com .
-  * Avoid using your primary email account for everything online. If you are signing up for something like a mailing list, contest, application form, etc, use a free email account or you can simply create one, on the spot via [[https://accounts.google.com/signup/v2/webcreateaccount?flowName=GlifWebSignIn&flowEntry=SignUp|Gmail]] or [[https://signup.live.com/signup?mkt=en-gb&lic=1&uaid=1d20836ceca4482f8f3033597615eac9|Hotmail]] (which you don't mind deleting if it gets abused).
-  * Only use your primary email to communicate with people you know or trust or to deal with important messages.
+==== 2. Be cautious with unexpected emails ====
+If you receive an unexpected email from a colleague, vendor, or even yourself asking for urgent action, verify with them directly through another communication method (e.g., phone or chat).
-Reference: [[https://help.hover.com/hc/en-us/articles/217282017-Am-I-being-spoofed-or-has-my-email-been-compromised-|What does it mean, "my email is being spoofed"]]
+==== 3. Check the sender’s email address carefully ====
+Cybercriminals often use email addresses that look similar to legitimate ones (e.g., ceo@yourc0mpany.com instead of ceo@yourcompany.com).
+==== 4. Avoid Clicking Suspicious Links or Opening Attachments ====
+If an email asks you to click a link or download an attachment, hover over the link to see the actual destination before clicking.\\
+If in doubt, visit the official website directly instead of using the email link.
+==== 5. Use Strong, Unique Passwords ====
+Never use the same password for multiple accounts.\\
+Enable [[faq:security:2auth|Second Factor Authentication (2Auth)]] to add an extra layer of security.
+==== 6. Keep Your Devices and Software Updated ====
+Regular updates help protect against security vulnerabilities that attackers may exploit.\\
+Ensure your antivirus software is active and running.
+==== 7. Report Suspicious Emails ====
+If you suspect an email is spoofed, report it to your IT team or forward the email to [[helpdesk@lookafter.com]].
+Do not reply or engage with the sender.

AGNX

User Tools

Site Tools

Differences

Page Tools