Email spoofing occurs when someone sends an email pretending to be a trusted sender — such as a customer, coworker, manager, or even yourself. These emails may look legitimate but are actually sent by cybercriminals attempting to deceive recipients. Their goal could be to trick you into transferring money, downloading malware-infected attachments that compromise your network, or providing personal information for fraudulent use.

To protect your emails, our system implements security measures that identify and manage spoofed messages:

• Hardfail Spoofed Emails: Emails that fail authentication checks definitively will be rejected outright.
• Softfail Spoofed Emails: Emails that partially fail authentication will be marked as spam, allowing you to review them with caution.

To further secure your domain and email communication, follow these best practices:

If you are using Lookafter email service, ensure that you are using the correct SPF record.
If you need to authorize third-party email servers to send emails on your behalf, ensure they are properly included in your SPF record to avoid authentication failures.

If you receive an unexpected email from a colleague, vendor, or even yourself asking for urgent action, verify with them directly through another communication method (e.g., phone or chat).

Cybercriminals often use email addresses that look similar to legitimate ones (e.g., ceo@yourc0mpany.com instead of ceo@yourcompany.com).

If an email asks you to click a link or download an attachment, hover over the link to see the actual destination before clicking.
If in doubt, visit the official website directly instead of using the email link.

Never use the same password for multiple accounts.
Enable Second Factor Authentication (2Auth) to add an extra layer of security.

Regular updates help protect against security vulnerabilities that attackers may exploit.
Ensure your antivirus software is active and running.

If you suspect an email is spoofed, report it to your IT team or forward the email to helpdesk@lookafter.com. Do not reply or engage with the sender.