The reality is that it's impossible to stop email spoofing because the Simple Mail Transfer Protocol, which is the foundation for sending emails, doesn't require any authentication. That's the vulnerability of the technology. There are some additional countermeasures developed to counter email spoofing. Still, the success rate will depend entirely on whether your email service provider implemented them.
Most trusted email providers use additional checks :
* Sender Policy Framework (SPF)
* DomainKeys Identified Mail (DKIM)
* Domain-based Message Authentication
* Reporting & Conformance (DMARC)
* Secure/Multipurpose Internet Mail Extensions (S/MIME).
These tools work automatically, and when used effectively, they immediately disregard spoofed messages as spam.
As an ordinary user, you can stop email spoofing by choosing a secure email provider and practicing good cybersecurity hygiene :
* Use throwaway accounts when registering in sites. That way, your private email address won't appear in shady lists used for sending spoofed email messages in bulk.
* Make sure that your email password is strong and is complex enough. That way, it will be harder for cybercriminals to get into your account and send misleading messages to your contacts.
* Inspect the email headers, especially when someone asks to click on a link. Spoofed emails made by talented attackers can be identical to the genuine ones. They can seem indistinguishable even if you're a long-time user.
