Sender Verification

Verify the true identity of an email sender.

Email spoofing is the creation of email messages with a forged sender address. Scammers use this technique to trick victims into thinking a message came from a trusted source, like a bank, a colleague, or a government agency.

Security Insight

Email was not designed with security in mind. By default, the 'From' field in an email can be set to anything the sender chooses. Over 25% of all phishing emails successfully spoof a legitimate brand's display name.

Identifies 'Display Name' spoofing
Checks for lookalike domains
Analyzes hidden Return-Path headers

How to spot a Spoofed Email

The name you see in your inbox isn't always the person who sent the message. Watch out for these common forging techniques used by attackers.

The 'Display Name' trick

The sender name says 'PayPal Security' but the actual email address is 'security-alert-882@gmail.com'. This is the most common form of spoofing.

Lookalike Domains (Typosquatting)

The email address looks correct at first glance, like 'billing@microsoft-support.co' instead of 'billing@microsoft.com'.

The 'Reply-To' mismatch

The 'From' address looks legitimate, but when you click 'Reply', the destination address changes to a completely different, random email.

Homograph Attacks

Attackers use international characters that look identical to Latin letters, such as replacing an 'o' with a Cyrillic 'о'. Your browser might show 'apple.com', but it's a different site.

What IsThisSpam checks before you trust a sender

Quick verdicts are useful, but the real value is understanding why something looks safe, uncertain, or risky.

Failed SPF or DKIM checks

SPF and DKIM are technical checks that prove an email actually came from the server it claims to come from. If these fail, the email is likely forged.

Generic Greetings

Spoofed emails often use 'Dear Customer' or 'Valued Member' because the attacker doesn't actually know your name.

Urgent 'Security Alert' context

The message claims your account will be deleted or your funds frozen, to panic you into following the instructions in the forged email.

Return-Path Mismatch

In the email headers, the 'Return-Path' (where bounce messages go) doesn't match the 'From' domain. This is a massive red flag.
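
The header comparisons described above (display name, lookalike domain, homograph, Reply-To and Return-Path) can be run over a raw message with Python's standard library. This is an added example, not IsThisSpam's own code; the KNOWN_BRANDS allow-list, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list: brand keyword -> domain that brand really sends from.
KNOWN_BRANDS = {"paypal": "paypal.com", "microsoft": "microsoft.com"}

# Constructed sample message (not real mail).
SAMPLE = """\
From: PayPal Security <security-alert-882@gmail.com>
Reply-To: help@example.net
Return-Path: <bounce@example.org>
Subject: Security Alert

Dear Customer, ...
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def is_under(domain, parent):
    """True if domain equals parent or is a subdomain of it."""
    return domain == parent or domain.endswith("." + parent)

def check_sender(raw_message):
    """Return a list of spoofing indicators found in the message headers."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    findings = []
    for brand, real in KNOWN_BRANDS.items():
        if is_under(from_dom, real):
            continue                               # genuinely the brand's domain
        if brand in display.lower():
            findings.append("display-name")        # name claims a brand, address does not
        if brand in from_dom:
            findings.append("lookalike-domain")    # brand word inside a foreign domain
    if not from_dom.isascii() or "xn--" in from_dom:
        findings.append("non-ascii-domain")        # possible homograph
    for header, label in (("Reply-To", "reply-to-mismatch"),
                          ("Return-Path", "return-path-mismatch")):
        other = domain_of(msg.get(header))
        if other and not (is_under(other, from_dom) or is_under(from_dom, other)):
            findings.append(label)
    return findings

if __name__ == "__main__":
    print(check_sender(SAMPLE))
```

Bulk-mail services often send with a Return-Path on their own bounce domain, so weigh a Return-Path mismatch together with the SPF and DKIM results rather than on its own.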
