Spoofing

When someone sends an email pretending to be sent from someone else, it's called spoofing.

A dirty secret of email is the fact that anyone can send emails from any email address. Spammers and scammers love this.

Imagine this: You're responsible for finances in an organisation. One day you receive an email in your inbox:

  From: boss@bigco.com <John Doe>
  To: bills@bigco.com
  Subject: URGENT, need to pay deposit today

  I just found out we need to pay a deposit to the factory or they'll halt
  production for several weeks. We can't allow that to happen, please transfer
  USD $60.000 to account 1234-56789 ASAP!

  Cheers, John!

This isn't out of the ordinary, and the email is clearly coming from your boss - it's got his email address and name and everything - so you go ahead and transfer the money. Unfortunately, your boss never sent that email, the account wasn't the factorys and the money was never seen again.

The above is an example of spoofing and it happens all the time.

Technologies like DMARC, SPF, and DKIM were invented to combat spoofing.