Email spoofing makes a scam look like it came from your bank, Microsoft, or even yourself. Paste the email below — ScamGuard flags forged senders, lookalike domains and broken authentication in seconds.
Email spoofing is when a scammer forges the From: address so the email looks like it came from a brand or person you trust — your bank, Microsoft, a colleague, even your own address. The technical fix exists (SPF, DKIM, DMARC) but many domains aren't fully protected, so spoofing still works.
(1) Reply-To: differs from From:, (2) sender domain has hidden characters or extra subdomains (e.g. paypal.secure-billing.com), (3) email fails SPF/DKIM in the headers, (4) the brand normally signs all email but this one isn't signed. Paste the email into ScamGuard and we surface all of these for you.
Yes — and they do, in 'sextortion' scams to make you panic that your account was hacked. Your account wasn't hacked; they just forged your address in the From: header. Don't pay. Delete.
Spoofing is the technique (forging the sender). Phishing is the goal (stealing credentials, money, data). Most phishing emails use spoofing.
Publish SPF, DKIM and DMARC records on your domain's DNS, with DMARC set to 'p=reject' once you've verified your legitimate senders. This blocks spoofed mail from your domain at most major mailbox providers.
Yes — paste any suspicious email and we'll flag spoofing signals in seconds. No signup.
1 free check, no signup needed. Then create an account for unlimited investigations.
We use cookies
ScamGuard uses cookies and the Meta Pixel for analytics and to improve scam detection. You can accept or decline non-essential cookies. See our privacy policy.