How to Spot Any Spoofed & Fake Email (Ultimate Guide)

YOU’LL NEVER GET TRICKED AGAIN! (Scammers will hate this)
⇒ Become a channel member for exclusive features! Check it out here:

▼ Time Stamps: ▼
0:00 – Intro
1:49 – The “From” Domain
7:17 – The Reply-To Field
10:07 – Mailed By & Signed By
12:16 – Authentication Headers (Basics)
16:49 – SPF
17:47 – DKIM
21:32 – DMARC
23:46 – How SPF Works
24:59 – How DKIM Works
26:59 – How DMARC Works
27:53 – WHY BOTHER?

Merch ⇨

My Gear & Equipment ⇨


21 thoughts on “How to Spot Any Spoofed & Fake Email (Ultimate Guide)”

  1. ThioJoe says:

    Well this video ended up being way longer and way more work than I thought (I believe it’s the longest serious video I’ve ever made). Be sure to like it because if it flops I'm going to stick my head in the Large Hadron Collider

  2. Philball Animations says:

    1:10 is so funny

  3. Brenton Stumpf says:

    You said we could playback the video at a faster playback speed, so I decided to watch it at a quarter of the playback speed.

  4. Julio says:

    Very thorough video! Thanks!

  5. Arclamp says:

    you cant decrypt with public keys. you can only encrypt. that's why they are secure. 25:30

  6. MiKEY SANZ says:

    will watch this later can't rn

  7. John Hall says:

    The reason for some scam emails looking stupid, is because the scammers are after stupid people, as stupid people are easier to scam than smart ones.

  8. NiceOwl84 CGP says:

    Soy boy.

  9. Campbell Morrison says:

    This is exactly why the Internet is becoming useless. Can you imagine trying to explain this to your mother or grand father. Guess who is more often caught by scammers and why from their perspective is to just not use the internet for fear of being ripped off. So they go to their bank and get told they have no choice but to use the internet. Why would you want to go through a gang pad or similar risky area to get to a shop, you simply wouldn't go to the shop for fear of what you might attract on the way. Its a pain in the arse that the world is full of these bastards who are ruining a good idea that can be really helpful but no nobody trusts anything on that service Doh!

  10. Neal Hart says:

    Really good video!

  11. Joshua Vines says:

    Try using Thunderbird for your experiments.

  12. Lyfan Deth says:

    Gmail also does not follow all of the email address rules. For example, an email address with periods in it, has them ignored and sent to an email address without them, or vice versa.
    Many mail servers also fail to recognize concatenation, the use of the + sign will result in the valid address being called email.
    You'd at least expect Google to read and follow the standards!

  13. Dhruva Padaki says:

    I need this guy to be my teacher, never could I pay attention for a whole half hour

  14. CaptainDuckman says:

    Mind the first doesn't mean it's a scam per se, as many very small companies (certainly around here) don't have a registered domain to use.
    But in combination with other flags, it's a good indicator.

  15. PurpleMornings says:

    The stock video search labels are so funny my god

  16. Retro Jack says:

    Sadly, the people most likely to be caught by scammers won't understand a word of this video.

  17. ArcusM says:

    If it’s helpful, I can confirm that the default Mail app on the Mac does show the reply-to address by default. It’s just listed there automatically with no clicking or anything.

  18. Glen Woodfin says:

    Strong content delivered well.

  19. William Wenrich says:

    Any communication from a business, will be contacted by my standard method not using the message.

  20. Łukasz Chrobak says:

    Wait a moment. You showed the "impersonated" Cyrillic a in the recipient name part of the RFC 5322 e-mail address, which is valid and compliant with RFC 5322 (this is, in fact, urlencoded during storage and transfer). What isn't compliant, is the Cyrillic part in the domain part, because per RFC the domain must be a valid DNS domain written with ASCII characters. IDNs are supported, but only in punycode (xn-- version) – mail exchangers are required to refuse processing any e-mail with non-ASCII characters in domain part (because as part of message forwarding process, there is a name resolution using standard DNS. DNS names cannot contain any urlencoded characters, because even the percent sign is an illegal DNS domain character (has special meaning, but this is irrelevant).

    Basically the test you performed around 5:00 is ill-formed, so it doesn't prove anything. This could be relevant if someone already had the possibility to register a mailbox on the same domain a person already has, with similar characters. (And most e-mail hostings actually block non-ASCII characters in recipient names anyway.)

  21. Roland Sternfels says:

    Just don't click links or attachments unless you were expecting it.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Post