With the way that SMTP works, anyone anywhere can specify any email address as their From address as long as they have a mail server that allows them to do so. From address may be completely false or even non-existent.

Note: There is no way to prevent other people from using your email address. There are no services that can completely prevent spammers from using your email address since they are using a different mail server. Smarsh Hosted Services has no control over it. However, you may want to protect your account using the following methods.

Typical spoofing situations

In general, there are two situations that can make you aware that your email address was spoofed:

  • You receive undeliverable bounce back emails or replies to messages you didn't send:
    There is no way to prevent the bounce back messages from coming to you. If a message gets returned to the sender, it goes to the actual holder of the From address, regardless of who sent it. Similarly, when someone replies to a message, it always goes to the reply-to address.
  • You receive messages with your email address in the From field (or in both To and From fields):
    Make sure that your domain and/or email address is not added to safe list either in Outlook or OWA:
  • Remove your domain from:
    • Email Protection Safe Senders List.
      Email Protection Safe Senders List

    • Personal Safe Senders List
      Personal Safe Senders List


  • Users can access their personal Safe Senders List by clicking the Manage quarantine email or Manage safe/blocked lists buttons from any of the Quarantine reports.
  • Some spammers can specify your address as both From and To addresses, so you will receive the message in any case (even if it bounces).

Read the Wikipedia® article on Backscatter (e-mail) for more information about backscattering.

Go back to top

SPF DNS record

In such situations, the creation of an SPF DNS record for your domain is recommended. SPF helps mail servers distinguish forgeries from real mail by making it possible for a domain owner to specify the IP addresses/servers from which mail can be sent. That way, if any other machines try to send mail from that domain, the recipient mail server knows that the From address is forged.

Failed SPF validation will add supplementary spam score to the spoofed email and this will increase the chances that this email will be delivered to Junk.

Note: SPF is designed to check the domain listed in the Envelope-from address, rather than the From address. Spoofers will exploit this by using a domain without SPF records as the Envelope-from and using the recipient domain in the From address.

Read the Knowledge Base article on What is an SPF record? How Do I Change It? for more information.

Go back to top

Blocking spoofed emails

Email Protection Lite

With Email Protection Lite, you have the following options to stop the Header from spoofing:

  1. If you only have Exchange mailboxes on the account, add your own domain to the Blocked Senders list. 
  2. Add any external senders that should legitimately be able to send as the domain to the Safe Senders lists. This will override the domain-wide Blocked Senders list. If the external senders are SMTP-applications (e.g. printer, web form, etc.) it is advised to add the sending IP address to the Safe Senders list.

Email Protection and Email Protection + DLP

With Email Protection Full and Email Protection + DLP, you have the option to enable the anti-phishing check Emails from domains that match your domain. The following check can be used to help detect and protect against phishing, spear-phishing and spoofing attacks

Refer to the article Email Protection: Managing Anti-Phishing And Anti-Spoofing Policies for additional information

Go back to top