[[:start|Home]] > [[:faq|FAQ]] > [[faq:email|Email]] > [[faq:email#spam_junk|Spam & Junk]] > **How to prevent email being spoofed**

====== How to prevent email being spoofed? ======

Email spoofing occurs when someone sends an email pretending to be a trusted sender — such as a customer, coworker, manager, or even yourself. These emails may look legitimate but are actually sent by cybercriminals attempting to deceive recipients. Their goal could be to trick you into transferring money, downloading malware-infected attachments that compromise your network, or providing personal information for fraudulent use.

To protect your emails, our system implements security measures that identify and manage spoofed messages:
  * Hardfail Spoofed Emails: Emails that fail authentication checks definitively will be rejected outright.
  * Softfail Spoofed Emails: Emails that partially fail authentication will be marked as spam, allowing you to review them with caution.

To further secure your domain and email communication, follow these best practices:

==== 1. Make sure your SPF record is configured correctly ====
If you are using Lookafter email service, ensure that you are using [[faq:domain_and_web_hosting:spf-conf-domain|the correct SPF record]].\\ 
If you need to authorize third-party email servers to send emails on your behalf, ensure they are properly included in your SPF record to avoid authentication failures.

==== 2. Be cautious with unexpected emails ====
If you receive an unexpected email from a colleague, vendor, or even yourself asking for urgent action, verify with them directly through another communication method (e.g., phone or chat).

==== 3. Check the sender’s email address carefully ====
Cybercriminals often use email addresses that look similar to legitimate ones (e.g., ceo@yourc0mpany.com instead of ceo@yourcompany.com).

==== 4. Avoid Clicking Suspicious Links or Opening Attachments ====
If an email asks you to click a link or download an attachment, hover over the link to see the actual destination before clicking.\\ 
If in doubt, visit the official website directly instead of using the email link.

==== 5. Use Strong, Unique Passwords ====
Never use the same password for multiple accounts.\\ 
Enable [[faq:security:2auth|Second Factor Authentication (2Auth)]] to add an extra layer of security.

==== 6. Keep Your Devices and Software Updated ====
Regular updates help protect against security vulnerabilities that attackers may exploit.\\ 
Ensure your antivirus software is active and running.

==== 7. Report Suspicious Emails ====
If you suspect an email is spoofed, report it to your IT team or forward the email to [[helpdesk@lookafter.com]].
Do not reply or engage with the sender.