Mail Spoofing: Why You Can't Trust the 'From' Field

Written by Alessio on 2/9/2026

Start a terminal. Type a few commands. Press Enter. Congratulations, you just sent an email that appears to come from elon@tesla.com.
This is Mail Spoofing, and it's terrifyingly easy because the system we use to send email (SMTP) was built in 1982, when the whole internet consisted of three guys in a basement who trusted each other.

The Postcard Problem

Imagine a physical postcard. You write the message, you write the recipient's address, and in the "Sender" corner... you can write whatever you want. The postman doesn't check your ID.
SMTP works exactly the same way. It does not verify that you are who you say you are. This is why phishing works so well: the email looks real because the protocol allows it to be fake.

The Defense Trio: SPF, DKIM, DMARC

To patch this ancient hole, we invented three band-aids that work together:

  1. SPF (Sender Policy Framework): A list, published in the domain's DNS, of the IP addresses authorized to send mail for that domain. "Only these servers can send mail for @kairosci.dev."
  2. DKIM (DomainKeys Identified Mail): A digital signature the sending domain attaches to the email, which the receiver checks against a public key the domain publishes in DNS. "This email really came from our domain and was not modified in transit."
  3. DMARC: The boss. It ties the other two back to the 'From' field: the receiver checks that SPF or DKIM passed for the domain shown in 'From', and the DMARC record tells it what to do if neither did. "If the check fails, throw it in spam (or reject it outright)."
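To make the trio concrete, here is an added example (it is not code from the original post) that evaluates a constructed SPF record against a connecting IP address and then applies a constructed DMARC record the way a receiving server would. The domain `kairosci.dev`, the IP addresses and both DNS records are constructed for illustration; a real receiver would fetch the records from DNS, and this offline version only handles the `ip4`, `ip6` and `all` mechanisms (no `include`, `a` or `mx` lookups).

```python
"""Added example: SPF evaluation plus DMARC alignment and disposition.
Domain names, IP addresses and DNS records below are constructed."""
import ipaddress

# Constructed TXT records for the hypothetical domain kairosci.dev.
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"
DMARC_RECORD = "v=DMARC1; p=reject; adkim=r; aspf=r; rua=mailto:dmarc@kairosci.dev"

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record: str, client_ip: str) -> str:
    """Return the SPF result for client_ip: pass, fail, softfail, neutral, none
    or permerror. Only ip4/ip6/all are evaluated; mechanisms that need DNS
    (include, a, mx, exists) are skipped, which is a simplification."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # an unqualified mechanism means "pass on match"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIER_RESULT[qualifier]  # catch-all, usually -all or ~all
        if mech in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed record
            if ip.version == network.version and ip in network:
                return QUALIFIER_RESULT[qualifier]
    return "neutral"  # no mechanism matched and no "all" present


def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record into its tag=value pairs."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain, simplified to the last two labels. A real
    implementation consults the Public Suffix List (e.g. for co.uk)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """DMARC alignment: strict ('s') needs an exact match, relaxed ('r')
    only needs the same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_disposition(dmarc: dict, from_domain: str, spf_result: str,
                      spf_domain: str, dkim_result: str, dkim_domain: str) -> str:
    """Return 'pass' if an aligned SPF or DKIM check passed, otherwise the
    published policy action (none, quarantine or reject)."""
    if dmarc.get("v") != "DMARC1":
        return "none"  # no usable policy: the receiver is on its own
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, dmarc.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, dmarc.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return dmarc.get("p", "none")


def demo() -> tuple:
    """Three constructed messages, all with From: someone@kairosci.dev."""
    dmarc = parse_dmarc(DMARC_RECORD)
    # 1. Sent from an authorized server, envelope sender domain matches From.
    legit = dmarc_disposition(dmarc, "kairosci.dev",
                              check_spf(SPF_RECORD, "192.0.2.25"), "kairosci.dev", "none", "")
    # 2. Sent from an unlisted IP, no DKIM signature: SPF fails, policy applies.
    unlisted = dmarc_disposition(dmarc, "kairosci.dev",
                                 check_spf(SPF_RECORD, "198.51.100.7"), "kairosci.dev", "none", "")
    # 3. SPF passes, but for a different envelope domain than the one in From:
    #    without DMARC alignment this would look fine; with it, policy applies.
    unaligned = dmarc_disposition(dmarc, "kairosci.dev",
                                  "pass", "other.example", "none", "")
    return legit, unlisted, unaligned


if __name__ == "__main__":
    print(demo())
```

The third case in `demo` is the one that matters for the title of this post: SPF and DKIM on their own only vouch for the envelope sender or the signing domain, and neither of those has to match the 'From' field a user sees. DMARC's alignment check is what finally connects the two.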

How to Protect Yourself

If you are a user: Never trust the 'From' name. Look at the metadata (headers) if you are suspicious.
If you own a domain: Configure DMARC. Without it, anyone can pretend to be you. It's not optional anymore; Google and Yahoo are starting to block domains without it.
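"Look at the headers" is easier with a script. The following is an added example (not from the original post) that parses a constructed raw message with Python's standard `email` library and compares the domain in 'From' with the envelope sender (Return-Path) and with the domains the receiving server reported in its `Authentication-Results` header (that header is standard, defined in RFC 8601, but every host name, address and result below is constructed for illustration).

```python
"""Added example: inspect message headers and flag a 'From' domain that
nothing in the authentication results actually vouches for.
The raw message below is constructed, not a real capture."""
import email
from email import policy
from email.utils import parseaddr

RAW_MESSAGE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=pass header.d=mailer.example.net;
 dmarc=fail header.from=kairosci.dev
From: "Alessio" <alessio@kairosci.dev>
To: user@example.org
Subject: Urgent: password reset
Date: Mon, 09 Feb 2026 10:00:00 +0000

Please click the link below.
"""


def domain_of(header_value: str) -> str:
    """Extract the domain part of an address header such as From or Return-Path."""
    _, address = parseaddr(str(header_value))
    return address.rpartition("@")[2].lower()


def parse_auth_results(value: str) -> dict:
    """Parse an Authentication-Results header into {method: (result, properties)}.
    The first ';'-separated element is the authserv-id (the receiving host)."""
    value = " ".join(str(value).split())  # undo header folding
    parts = [p.strip() for p in value.split(";") if p.strip()]
    results = {}
    for part in parts[1:]:
        tokens = part.split()
        method, _, result = tokens[0].partition("=")
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results[method.lower()] = (result.lower(), props)
    return results


def inspect(raw: str) -> dict:
    """Summarize who the message claims to be from versus who was authenticated."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_domain = domain_of(msg.get("From", ""))
    return_path_domain = domain_of(msg.get("Return-Path", ""))
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    dkim_result, dkim_props = auth.get("dkim", ("none", {}))
    dkim_domain = dkim_props.get("header.d", "").lower() if dkim_result == "pass" else ""
    dmarc_result = auth.get("dmarc", ("none", {}))[0]
    # The display name and From address are attacker-controlled; the only thing
    # that vouches for a domain is an aligned SPF or DKIM pass, which is what
    # the receiver summarizes in its dmarc= result.
    suspicious = from_domain not in (return_path_domain, dkim_domain) or dmarc_result == "fail"
    return {
        "from_domain": from_domain,
        "return_path_domain": return_path_domain,
        "dkim_domain": dkim_domain,
        "dmarc": dmarc_result,
        "suspicious": suspicious,
    }


if __name__ == "__main__":
    for key, value in inspect(RAW_MESSAGE).items():
        print(f"{key:>20}: {value}")
```

In this constructed message everything the receiver could verify points at `mailer.example.net`, while the 'From' line shows `kairosci.dev`; the `dmarc=fail` result is the receiver saying exactly that. If `kairosci.dev` had published `p=reject`, the message would never have reached the inbox.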

Email is the backbone of our digital identity, but it's built on a foundation of sand. Trust nothing. Verify everything.