Information explaining what 'Email Spoofing' is and why it has an impact on Easysite.
What is Email Spoofing?
Imagine a letter addressed to you with the return address of your friend written on the back of the envelope, but when you open the letter you find it is actually junk mail sent from someone you don’t know.
Email spoofing is used to describe email activity in which an email appears to have originated from one source when it was actually sent from another.
Spoofing is a technique often employed in an attempt to trick a user into releasing sensitive information or download malicious software/viruses.
For example if your email domain is “@mycompany.co.uk” and you receive an email from “ITdepartment@mycompany.co.uk” asking for your login details, this might not seem suspicious on first inspection.
The Potential Impact of Spoofing Prevention on Easysite
As email spoofing is often used in a fraudulent manner and poses a significant threat. As a result Mail Authentication is often used a method of preventing spoofed emails reaching users by checking the IP address of the sender against a record of accepted IP addresses.
Imagine the same letter from earlier addressed to you with the return address of your friend written on the back of the envelope. This time there is a post mark that shows that the letter has been sent from a city that your friend does not live in. This might raise suspicion!
For example, in the diagram above, the Easysite server attempts to send an email from the domain “@domain.com” from the IP address (or “Postage Mark” using our letter analogy) 234.45.43.56.
The DNS Server has been told to only approve mail from “@domain.com” if it has come from the IP address 124.23.54.213, and so the recipient never gets the email sent by Easysite.
In Easysite you can specify a default Email “From” Address for the system, site and often individual modules.
If your email address is “someone@domain.com” for example and emails from Easysite are set to come from an email address that also has the domain “@domain.com” ("Sender@domain.com" for example), they may be seen as spoof mail and blocked.
If emails from Easysite are being intercepted as spoof emails, ask your IT department to arrange for emails "from" your email domain to be accepted when they come from the IP address of the Server on which your site is hosted.
Are My Emails Being Blocked as Spoof Mail?
To test this for Form Builder for example, you can try changing the Default “From” Address in System Settings to an email address with a different domain.
If you then receive emails from your form, ask your IT department to arrange for emails "from" your email domain to be accepted when they come from the IP address of the Server on which your site is hosted.
