How to Spot Any Spoofed & Fake Email (Ultimate Guide)

YOU’LL NEVER GET TRICKED AGAIN! (Scammers will hate this)
⇒ Become a channel member for exclusive features! Check it out here:

▼ Time Stamps: ▼
0:00 – Intro
1:49 – The “From” Domain
7:17 – The Reply-To Field
10:07 – Mailed By & Signed By
12:16 – Authentication Headers (Basics)
16:49 – SPF
17:47 – DKIM
21:32 – DMARC
23:46 – How SPF Works
24:59 – How DKIM Works
26:59 – How DMARC Works
27:53 – WHY BOTHER?

Merch ⇨

My Gear & Equipment ⇨


21 thoughts on “How to Spot Any Spoofed & Fake Email (Ultimate Guide)”

  1. Well this video ended up being way longer and way more work than I thought (I believe it’s the longest serious video I’ve ever made). Be sure to like it because if it flops I'm going to stick my head in the Large Hadron Collider

  2. You said we could playback the video at a faster playback speed, so I decided to watch it at a quarter of the playback speed.

  3. The reason for some scam emails looking stupid, is because the scammers are after stupid people, as stupid people are easier to scam than smart ones.

  4. This is exactly why the Internet is becoming useless. Can you imagine trying to explain this to your mother or grand father. Guess who is more often caught by scammers and why from their perspective is to just not use the internet for fear of being ripped off. So they go to their bank and get told they have no choice but to use the internet. Why would you want to go through a gang pad or similar risky area to get to a shop, you simply wouldn't go to the shop for fear of what you might attract on the way. Its a pain in the arse that the world is full of these bastards who are ruining a good idea that can be really helpful but no nobody trusts anything on that service Doh!

  5. Gmail also does not follow all of the email address rules. For example, an email address with periods in it, has them ignored and sent to an email address without them, or vice versa.
    Many mail servers also fail to recognize concatenation, the use of the + sign will result in the valid address being called email.
    You'd at least expect Google to read and follow the standards!

  6. Mind the first doesn't mean it's a scam per se, as many very small companies (certainly around here) don't have a registered domain to use.
    But in combination with other flags, it's a good indicator.

  7. If it’s helpful, I can confirm that the default Mail app on the Mac does show the reply-to address by default. It’s just listed there automatically with no clicking or anything.

  8. Any communication from a business, will be contacted by my standard method not using the message.

  9. Wait a moment. You showed the "impersonated" Cyrillic a in the recipient name part of the RFC 5322 e-mail address, which is valid and compliant with RFC 5322 (this is, in fact, urlencoded during storage and transfer). What isn't compliant, is the Cyrillic part in the domain part, because per RFC the domain must be a valid DNS domain written with ASCII characters. IDNs are supported, but only in punycode (xn-- version) – mail exchangers are required to refuse processing any e-mail with non-ASCII characters in domain part (because as part of message forwarding process, there is a name resolution using standard DNS. DNS names cannot contain any urlencoded characters, because even the percent sign is an illegal DNS domain character (has special meaning, but this is irrelevant).

    Basically the test you performed around 5:00 is ill-formed, so it doesn't prove anything. This could be relevant if someone already had the possibility to register a mailbox on the same domain a person already has, with similar characters. (And most e-mail hostings actually block non-ASCII characters in recipient names anyway.)

Leave a Reply

Your email address will not be published.

Related Post