be Smart.
be Secure.
Phone: 800-441-6612

Infographic: Steps to Avoiding Forged Email

Forged emails are extremely common. Most of the time forged emails are merely a nuisance.However, if you accidentally share information with or click on a link from someone who sent a forged email, the results can devastate your goal or even your site, or if it’s really evil, an entire computer. Here’s some information about how to recognize and stop forged emails.

How to Avoid Forged Email: Forged Email Facts & SPF Significance

Avoiding Forged Email. Significance of SPF

Share This Infographic On Your Site

What is a forged email?

Forged email or “email spoofing” is when an email appears to be legitimate but an untrustworthy source sent it. A forged email may look as if it’s from someone you know, like a friend or coworker. It might also seem to come from a company or business that you trust, like Amazon or your local bank. Forgers can even spoof your own email address and send emails posing as you.

The goal of email spoofing or email forgery is to entice you to open a phony email, click a link, download an attachment (which might contain a virus), or share personal information, like passwords or credit card info.

Note: The act of trying to acquire personal info, such as passwords or credit card info in an unauthorized way is called phishing.


  • Unreliable sources send more than 150 million phishing emails daily around the world.
  • Of those 150 million emails, 16 million make it past email filters.
  • People open 8 million of those 16 million emails, and some click 800,000 links.
  • Every day, phishing tricks roughly 80,000 people and shares valuable or personal information.
  • According to a 2014 Microsoft Computing Safer Index Report, phishing scams around the world cost roughly $5 billion.

Most companies and email networks use SPF (Sender Policy Framework), DKIM (Domain Keys Identified Email), and DMARC (Domain-based Authentication, Reporting and Conformance) to help validate their senders and sending servers so that recipients can identify and discard forged email. As of 2013, most consumer mailboxes around the world (60 percent) use DMARC. However, BitSight, a security ranking vendor, conducted a study that revealed the following: Of the top S&P 500 companies, only 24 percent have a strong SPF in place.

How do you prevent forged email from occurring?

Email forgers typically go for volume over quality. They forge or spoof large amounts of email to trick the most people into sharing personal info. Here are a few things to look for to recognize a suspicious email message:

Overly urgent language

Does the email’s wording seem off? Rushed? Or does the email’s tone seem overly urgent and somewhat, but vaguely, threatening? For example, “Please pay your bill now or there will be consequences!”


Most fake emails use general greetings, such as “Dear loyal customer” or “Dear Member.” If the message doesn’t include your name, or if there’s some indication that the email’s writer doesn’t know you in some way, then move the email into the spam folder immediately and delete.

Dead giveaways

Odd punctuation and strange usage of capital letters (e.g. you MUST pay now!!!) are dead giveaways of email forgery. If the email doesn’t look quite right, say, for example, the business’ header in the email seems pixelated or off, or if the email’s format is drastically different from most of that business’ previous emails, then it’s probably forged.

URLs or strange “from” email addresses

If you receive an email from “Amazon,” but the email address doesn’t match correctly or seems off in some way, then the email is probably forged. Also, if the email requests that you click a link for an Amazon or other legitimate page, but the URL leads to a different site, beware.

If you receive an email from yourself that you didn’t send.

This is a telltale sign of email forgery.

How to stop forgery

  • Never trust email as authorization of any significant action or activity. If the email prompts you to transfer money or change an access level, call the sender (who you believe is the sender) and verify the email’s validity. Spearphishers can make targeted, forged email messages that are impossible for a lay person to distinguish from legitimate email messages.
  • Use a premium email filtering system that includes SPF and DKIM checking. This type of filtering should help to stop spam and forged emails.
  • Enable SPF, DKIM on all your own domains.
  • Turn off catch-all email aliases.
  • Remove your own email addresses and domain names from your Allow Lists.
  • If you have any doubts about an email, don’t click any included links.
  • Take your time when reading emails: it’s easy to quickly skim an email and click a link without thinking.
  • Use different passwords for each site you visit and use a good password manager to keep them all straight. If one site is compromised, that shouldn’t compromise your other accounts.


Comments are closed.

• Access Anywhere
• Fast and Robust
• Super Secure
• Tons of Features
• Customizable
• Mobile Friendly

Send and receive email from your favorite programs, including:

 Microsoft Outlook
 Mozilla Thunderbird
 Apple Mail
 Windows Mail

... Virtually any program that supports POP, IMAP, or SMTP

Keep your email, contacts, and calendars in sync:

 Apple iPhone and iPad
 Android Devices
 Windows Phone

... Any device with Exchange ActiveSync (EAS) support

Relay your server's mail through LuxSci via smarthost:

• Resolve issues with ISP sending limits and restrictions
• Improve deliverability with better IP reputation and IP masking
• Take advantage of Email Archival and HIPAA Compliance
• Even setup smarthosting from Google Apps!

Free web site hosting with any email account:

• Start with up to 10 web sites and MySQL databases
• DNS services for one domain included
• Tons of features and fully HIPAA capable

LuxSci's focus on security and privacy:

• Read The Case for Email Security
• Read Mitigating Security & Privacy Threats
• Review our Privacy Policy

The most accurate, flexible, and trusted filters in the business:

• Premium protection with Intel Security Saas
• Realtime virus database guards against the latest threats
• Seven-day quarantine lets you put eyes on every filtered email
• Supplement with our Basic Spam Filter for even more features

End-to-end secure email encryption — to anyone, from anyone:

• No setup required — encryption is automatic and easy to use
• Secure outbound email with TLS, PGP, S/MIME, or Escrow
• Free inbound encryption via our SecureSend portal
• Independent of your recipient's level of email security
• Widely compatible and fully HIPAA Compliant

Add an extra layer of security with an SSL Certificate:

• Secure your web site
• Debrand LuxSci WebMail with your own secure domain
• Access secure email services via your own secure domain

Encrypt your service traffic via secure tunnel:

• Add another layer of security to your SSL connections
• WebMail, POP, IMAP, SMTP, web/database access
• SecureForm posts, SecureLine Escrow, SecureSend access
• Restrict your account to VPN access only

Secure long-term message archival:

• Immutable, tamperproof email retention with audit trails
• No system requirements — minimal setup, even less upkeep
• Realtime archival of all inbound and outbound messages
• Works anywhere — even with non-LuxSci email hosting

Free data backups included with all email hosting accounts:

• Automatic backups of all email, WebAides, web/database data
• Seven daily backups and up to four weekly backups
• Unlimited restores included at no additional cost
• Custom backup schedules for dedicated servers

Automate your email management:

• Save messages to specific folders or to LuxSci WebAides
• Advanced text scanning with regular expressions
• Tag messages, alter subject lines, or add custom headers
• Filter by message charset, type, TLS status, DKIM status
• Chain filters together for even more complex actions

• Bulk add and edit users, aliases and more
• Control sharing and access globally or on a granular level
• Delegate user roles through permissions
• Configure account-wide taglines, sending restrictions, and more
• Remotely administer account via SOAP API

Share, collaborate, organize, synchronize:

• Calendars, Contacts, Documents, Notes, Widgets, Workspaces
• Fine-grained access control and security
• Access anywhere via secure web portal or smartphone
• Save over solutions like Microsoft Exchange

Free folder sharing for all email hosting accounts:

• Share mail folders with other users in your account
• Subscribe to only the folders you want to see
• Set read-only or read-write access control
• View all personal and shared folders via unified web interface

Color code and label your email messages:

• Define and assign multiple IMAP keywords to each message
• Filter, search, and sort by tags
• Compatible and synchronizes with any IMAP email client
• Also usable with WebAide entries