
How to Tell if an Email Has Been Spoofed

by on November 08, 2021
in Computer Safety & Support, Computers and Software, Tips & How-Tos, Privacy, Tech 101 :: 45 comments


There are numerous email scams that land in your inbox every day, from malware-ridden attachments supposedly from a friend to IRS impersonators to blackmailers threatening to expose you for watching porn. And what makes many of these scams harder to recognize is that they rely on a “spoofed” email address to make it appear that they are coming from someone you trust (or even your own email address), rather than a scammer 6,000 miles away. So learning how to tell if an email has been spoofed is critical to protecting yourself.

Part of the reason why spoofed emails are so prevalent is that it is incredibly easy to spoof an address. Any mail server can be set up to send from a given domain (e.g., and there are even websites that will let you send one-off emails using any email address for free. But both of these methods leave telltale tracks that give it away as spoofed.

To find these tracks, you need to look at the email header. The header contains critical components of every email – From, To, Date and Subject – as well as detailed information about where the email came from and how it was routed to you. Importantly, it also contains the results of the verification process your email provider used to determine if the sending server has permission to send using that domain (i.e., Is this server authorized to send emails from

How you display email headers depends on which email service you’re using. For Gmail, open the email, click the three vertical dots next to the reply arrow and select “Show Original”. For other email programs, you can use this list.

Screenshot of Gmail message entitled  This is real email. Not scam. Honest. with the triple dot menu icon pointed out and a dropdown menu with Reply, Forward, Filter messages like this, Print, Delete this message, Block Josh Kirschner, Report spam Report phishing, show original (pointed out), translate message download message and mark as read.

Below is an example of a spoofed email I sent from an online spoofing service pretending that it came from my own address. Looks pretty real. It says it came from my email address and if I reply, it will go to that same address. In fact, unless it was filtered into my spam box by Gmail, the email will even show up in my Sent folder, which could lead me to believe, incorrectly, that my email was hacked.

But the header information gives it away as spoofed. There’s a lot of technical stuff in here, but you can ignore most of it. The two things that matter the most are the domain name and IP address in the “Received” field and the validation results in the Received-SPF field.

spoofed email header showing email being sent from is (the email spoofing site) in the email header Received field. Also pointed out is the Received-SPF showing as a softfail.

As you can see above, the domain name this email is being sent from is (the email spoofing site), not, so that’s a dead giveaway. But if the domain name is similar or it’s listed as just an IP address, you should check the IP address, too, and see if that passes the smell test. To do that, go to Domain Tools and enter the “from” IP address in the Received field into the Whois Lookup. When I do that with from the example above, it tells me this is a host called out of the Czech Republic – not what I would expect to see if this were really an email sent by Techlicious.

Next, if we look at the Received-SPF field, we see that it is a softfail. Sender Policy Framework (SPF) is a way for a domain (e.g., to specify what servers are permitted to send mail on its behalf. Mail sent from permitted servers will show up as “Pass” in the Received-SPF field, which is a very strong indicator that the email is legitimate. If the results show “Fail” or “Softfail”, that’s a sign the email may be spoofed, though it’s not 100% certain since some domains don’t keep their SPF records up to date, resulting in validation failures.

Taken together, the sending IP address and the SPF validation will give you a very good sense of whether an email truly comes from the person purported to be sending it. And don’t forget to trust your gut. If an email sounds implausible, it probably is. Don’t respond directly or open any attachments. If it is a company, bank or government organization, find their contact information on the web and contact them directly to see if the email is legit.
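The two header checks described above, as an added Python example (not part of the original article): it reads raw headers as copied from “Show Original”, takes the topmost Received line that names a sending host and IP, and reads the Received-SPF result. It goes one step beyond the article by also flagging when the Return-Path domain that SPF evaluated differs from the From domain; every host, address and IP in the sample is a constructed placeholder.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers. Every host, address and IP is a placeholder
# (.example names and 203.0.113.0/24 are reserved for documentation).
SAMPLE_RAW = """\
Delivered-To: reader@example.net
Received: by 2001:db8::1 with SMTP id k9csp000001lto;
        Mon, 08 Nov 2021 10:15:01 -0800 (PST)
Return-Path: <editor@trusted-site.example>
Received: from mail.spoofing-service.example (mail.spoofing-service.example. [203.0.113.45])
        by mx.example.net with ESMTP id abc123
        for <reader@example.net>;
        Mon, 08 Nov 2021 10:15:00 -0800 (PST)
Received-SPF: softfail (example.net: domain of transitioning
        editor@trusted-site.example does not designate 203.0.113.45
        as permitted sender) client-ip=203.0.113.45;
From: Editor <editor@trusted-site.example>
To: reader@example.net
Subject: This is real email. Not scam. Honest.
"""

# "from <helo-name> (<reverse-dns-name> [<ip>])" at the start of a Received value.
RECEIVED_FROM = re.compile(r"^from\s+(\S+)\s+\((?:(\S+)\s+)?\[([^\]]+)\]")


def unfold(value):
    """Collapse a folded (multi-line) header value onto one line."""
    return " ".join(str(value).split())


def domain_of(header_value):
    """Return the lower-cased domain of the address in a From/Return-Path value."""
    _, addr = parseaddr(unfold(header_value))
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def first_external_hop(msg):
    """Topmost Received line that names a sending host and IP.

    Received lines are prepended, so the topmost ones were written by the
    recipient's own provider. Anything lower came from earlier servers or
    from the sender and can be forged.
    """
    for raw in msg.get_all("Received", []):
        match = RECEIVED_FROM.match(unfold(raw))
        if match:
            helo, rdns, ip = match.groups()
            # Prefer the reverse-DNS name recorded by the receiver over the
            # HELO name, which is whatever the sending server claimed.
            return {"host": (rdns or helo).rstrip(".").lower(), "ip": ip}
    return None


def spf_result(msg):
    """First word of Received-SPF (pass, fail, softfail, none, ...)."""
    parts = unfold(msg.get("Received-SPF", "")).split()
    return parts[0].lower() if parts else "absent"


def assess(raw_headers):
    """Apply the article's two checks plus an envelope/From comparison."""
    msg = message_from_string(raw_headers)
    hop = first_external_hop(msg)
    spf = spf_result(msg)
    from_dom = domain_of(msg.get("From", ""))
    env_dom = domain_of(msg.get("Return-Path", ""))
    findings = []

    if spf in ("fail", "softfail"):
        findings.append(f"SPF {spf}: sending server is not authorised for {env_dom or from_dom}")
    elif spf != "pass":
        findings.append(f"SPF {spf}: cannot confirm or rule out spoofing from SPF alone")

    if hop and from_dom:
        host = hop["host"]
        if host != from_dom and not host.endswith("." + from_dom):
            # Not proof on its own: many domains send through a third-party mail service.
            findings.append(f"sending host {host} [{hop['ip']}] is outside {from_dom}")

    # SPF is evaluated against the envelope sender (Return-Path), not the
    # From line the reader sees, so a pass for another domain proves little.
    if env_dom and from_dom and env_dom != from_dom:
        findings.append(f"SPF checked {env_dom}, but From shows {from_dom}")

    return {"spf": spf, "hop": hop, "from_domain": from_dom, "findings": findings}


if __name__ == "__main__":
    report = assess(SAMPLE_RAW)
    print(report["spf"], report["hop"])
    for finding in report["findings"]:
        print("-", finding)
```

An empty findings list means only that these header checks raised nothing; the article's advice about implausible content still applies.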

Updated on 11/8/2021


lookup list

From james on November 03, 2018 :: 2:55 pm

the list you show is not good for yahoo e-mail.


Here's how to check email header for Yahoo

From Josh Kirschner on November 05, 2018 :: 11:27 am

To see the email header info in Yahoo, open the email, click the three horizontal dots in the menu at the top of the message, and then hit “View raw message”


what if SPF shows pass?

From Petah on March 25, 2021 :: 6:32 pm

does it mean its been hacked?  received more emails while I was on phone to friend checking that they were not real.  They do not show in his sent folder.  I can’t block his address otherwise won’t receive his legitimate emails. what can he do? what can I do?


What if the SPF-receiver is none?

From Lara on November 08, 2018 :: 3:50 pm

The title says it already.


Then it could go either way

From Josh Kirschner on November 09, 2018 :: 12:09 pm

While it is best practice to set up SPF records for a domain and the vast majority of senders do it, not everyone does. So the SPF will show as “none”. In this case, you can’t confirm that it is legitimate nor tell if it is spoofed from the SPF record. So you should use common sense regarding the content of the email and, if you’re still not sure, contact the sender directly to confirm the legitimacy (and yell at them for not having an SPF record).


Your site froze my desktop!

From john on November 10, 2018 :: 8:09 pm

Too many moving parts on this site/page caused freeze on my mac-mini! Took about 5 minutes just to get here to tell you. I was going to share this on FB and Twitter but wouldn’t want to expose contacts to what seems like a malicious site in itself.


Thanks for letting us know

From Josh Kirschner on November 12, 2018 :: 7:35 pm

We monitor the performance of the site regularly to manage performance across devices. However, it’s possible that one of our ad partners was delivering a new ad that may have impacted performance, especially if you’re running on an old device. I’ll keep an eye on things to see if I can spot the issue. But rest assured, there is nothing malicious going on with the site.


Another Way to Check for Spoofed Email: Return Address of Sender

From Skeeter Sanders on November 12, 2018 :: 4:23 pm

I use Microsoft Outlook (formerly Hotmail) as my primary email service. I’ve noticed that every time I get a “spoofed” email, the sender’s address shows up right in the heading.

I’m not sure if Microsoft’s anti-phishing system is configured to expose the sender’s true email address to its users, but there have been plenty of instances in which an email supposedly coming from a major company (i.e., PayPal) shows a return address that shows anything BUT “” I immediately report it to Microsoft as a “Phishing Scam,” using Outlook’s drop-down reporting menu.

Microsoft has long had a very aggressive anti-spam filter—far more aggressive than either Gmail or Yahoo Mail—so why would it not also have an aggressive anti-phishing filter that exposes the sender’s true email address? I’ve used Hotmail/Outlook for more than a decade and I’ve never been fooled by spam or malware-infected email.


scam but they mentioned my former password correctly

From JBof4 on November 16, 2018 :: 5:09 am

I too received this email introducing himself, explaining how he hacked my sbc email through router, asking for 800.00 bitcoins, the threats don’t concern me, but the fact he said he would give proof by noting my password at the time of hack, it was correct (well a few letters were missing but he had the remaining exactly).  He said he hacked my email summer 2018.  I’m ignorant as to my next steps, change password again, but he said he’s following me and will still get new password, said he’s got access to my camera and takes pic of me.  Creepy.  I know it’s a scam, I’m a middle age mom & do not watch pornography, what worries me, is he referring to my iPhone or Mac or both and how did he get my password, and can he get my new password once I change it?
Thank you.


Not a big deal, unless you're still using it.

From Josh Kirschner on November 19, 2018 :: 1:57 pm

Your password was likely revealed as part of one of the many massive credential hacks that have taken place over the years. I highly doubt your individual system was hacked. I discuss this in more detail in our story on the porn blackmail scam.

If the password he sent you is one that you’re still actively using, however, that is very bad. It means your accounts are highly insecure and you need to change your passwords immediately. Going forward, make sure you always use strong, unique passwords for each of your logins. One of our recommended password managers makes it easy to do that.



From JBof4 on November 19, 2018 :: 2:46 pm

Thanks for your reply.  I just got nervous when he wrote he hacked my email through my router and said not to bother changing my email password because he said he can follow to new password.  It’s no wonder why I’m getting 40-60 scam emails in my inbox recently.


I am a spyware software developer. Your account was hacked by me in the summer of 2018.

From Marcelo Von Atzingen Trevisani on December 06, 2018 :: 2:17 pm

I live here in Brazil and recently received this threat too, and I felt terribly threatened. Afterwards I searched for the Bitcoin: 1122NYbAT2KkZDZ5TFvGy4D2Ut7eYfx4en and learned that it was already on the list of

This reassured me a little. I was already on my way to the Federal Police of Brazil to file a report.

I am still scared. I hope it really is a lie, because it is horrible to feel threatened.

Marcelo von


IP Blocking of countries

From Jose Hicks on March 01, 2019 :: 3:03 pm

I try to have an optimal configuration in addition to that I have managed to mitigate trying to misuse my mail servers is the blocking of full ranges of addresses ips with which I have no relationship whatsoever. and above all, as you comment, do not forget to trust your instinct. Jose Hicks


Received-SPF pass

From DF on May 14, 2019 :: 9:10 pm

I got a scam email whose “Received” section shows some random website but the “Received-SPF” section shows “Pass”, with additional info including “envelope-from=” followed by yet a third website. Does this mean a scammer did hack a legitimate sender domain to send this? Should this concern me?


Not necessarily

From Josh Kirschner on May 17, 2019 :: 11:49 am

It depends how the SPF records are set up for the domain. If not set up properly, you might see a “pass” even if it shouldn’t be. Without more information, it’s hard to say for sure. Either way, spoofing or hacking, you know it’s not valid so treat it accordingly.


My email spoofed

From Ant on August 11, 2019 :: 11:47 pm

I received a Phishing message in my junk folder from my address plus my profile image. I believe it is spoofed because of the header info. I changed my password. Is there any other course of action I should take?


No need to do anything

From Josh Kirschner on August 13, 2019 :: 10:29 am

If your email has been spoofed (and it sounds likely given what you say about the header info and the fact your email provider sent it to junk), then there is nothing you need to do. Changing your password won’t make a difference since spoofing isn’t account hacking, it’s just someone using a tech trick to pretend to be you.

If your email is a business account, you can prevent spoofing by setting up your SPF and DKIM records properly, but this doesn’t apply to personal email accounts.


hundreds of spam a day all sent to trash

From g saturn on August 13, 2019 :: 4:34 pm

I send hundreds of offers of porn nude pics male enhancement, update car warranty, health, life insurance ( something I looked for on amazon and the insane list goes on. here are some of the spoofed return emails I get.

ManPlus <>
  .(JavaScript must be enabled to view this email address)

to:  .(JavaScript must be enabled to view this email address)

date:  Aug 13, 2019, 2:58 PM
subject:  * Drive Your Partner Crazy in Bed Tonight*
security: did not encrypt this message


reply-to:  .(JavaScript must be enabled to view this email address),

to:  .(JavaScript must be enabled to view this email address)

date:  stcroix.raven - SOMEONE TRIED TO LOG INTO YOUR ACCOUUNT Alert: #851
mailed-by:    Standard encryption (TLS) Learn more


Melissa <>,

I know they are fake because my son said do not reply you will not get removed from any list you will simply get more. These are in my trash because I filtered with ” is spam, then delete”
here’s the problem Gmail will not delete them they just keep filling my trash day after day most are from the UK.  when you look up how to make them go away forever you get ” click the little upside triangle and click on block to block these or any user you do not want to get email from” its a lie there is no ” block sender” why does Google lie and why do they allow it to keep happening? they can stop some of it but they will not. I think they make money so there will never be a fix. you may write to them, however, they don’t care. the mail will not automatically delete from trash for 30 days. why is it not possible to delete all (since it is only manual), at one time, or set up an auto delete forever?
also, there are many pages when a search is done that have a green box with the word ad in it and you get the following error… This site can’t be reached refused to connect.

Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED. BS, why are they blocking any search?
you can not ask them they never reply, they do not care. any help from anyone would be appreciated. thank you


Don't move spam to trash

From Josh Kirschner on August 14, 2019 :: 3:23 pm

First, you shouldn’t move spam to trash because then it will get mixed with your valid emails when you’re doing searches - just mark it as spam and it should go to the spam folder. Either way, all messages in your trash and spam folders will autodelete after 30 days. You can always select all and delete everything manually if you want, but I really don’t see why you would bother since the messages are segregated into a spam folder that you would never be interacting with, anyhow.

For blocking senders, open an email and click on the three vertical dots in the upper right and you will see the option to Block “[SENDER NAME]”.



From Ant on August 13, 2019 :: 8:57 pm




From tazmo8448 on October 17, 2019 :: 3:42 pm

One way I use is to hover over the sender and see if it looks legit. If it doesn’t I send it to the company it is trying to spook like spoof at paypal dot com.


Received field

From Dan Chien on October 25, 2019 :: 10:57 pm

First, this is in US patent 9674145.
There are many Received. Attacker may inject a Received in the header.  The one you need to look is the last one (usually the first one at top) that is written by your SMTP.




spoof using ReplyTo or Return-Path

From DouInAmbler on April 10, 2020 :: 12:59 pm

A friend with Yahoo mail sends a legit email, but my reply gets strangely addressed to ‘uniforeverom at gmail’, which neither of us have ever heard of.
This problem can be seen in the header at “return-path=uniforever….”.
He found and deleted the unwanted ReplyTo option, and his next email was “clean”. But 30 minutes later the bogus To: address was back. There must be malware periodically resetting this parameter?
Very bad because all cc addresses plus email content is sent to parts unknown via hasty ReplyAll. Any history of this? I couldn’t find. Thanks


Email hacked?

From Josh Kirschner on April 10, 2020 :: 5:12 pm

Assuming he changed his reply to address in the Yahoo Mail settings ( and it still changed back, then the only other answer I have is that his email may be hacked. And whoever hacked it received a notification of the change and reset it. Your friend should definitely take the steps we outline for what to do when your email gets hacked.

I don’t have a good alternate answer for you.


ReplyTo spoof, correction

From DougInAmbler on April 10, 2020 :: 1:03 pm

Correction: the header shows parameters:
Return-Path: (legit name)
Reply-To: (bogus name)


If opinion is allowed here,

From DougInAmbler on April 10, 2020 :: 1:57 pm

If opinion is allowed here, I think the “Reply-To” email setting is an unnecessary vulnerability for individuals.

My understanding is that the only legit use is for bounced emails, so the bounces go to a separate mailbox typically within your organization. Furthermore it only makes sense to use it when sent from a “no-reply” mailbox, because a “manual” reply address would look surprising unless it closely resembled the original. And it’s extremely suspicious if the Reply-To address goes to a strange name in a different domain (like in my case comes in from @yahoo, goes back to @gmail.)

Therefore it’s only of use to bulk-mailers, spammers, and (legitimately) to owners of larger private email groups who want this convenient way to find bounces (there are plenty of other ways).

Outgoing SMTP servers should detect a domain-mismatch, at least, in the Reply-To parameter in the header, and flag the email before sending.


Reply-To spoof

From DougInAmbler on April 10, 2020 :: 2:26 pm

A very legit use of Reply-To is when we join email lists. All our replies must be directed not to the sender but to the group. But that still does not make it a good setting in an individual’s account.


Reply-To spoof?

From DougInAmbler on April 10, 2020 :: 6:51 pm

Josh, thanks. My friend is elderly and remote, hard to help. I have told him to scan, and of course change Yahoo password. Results may come tomorrow, he is in Asia.
I will update with the outcome.


mail by my domain

From dona on June 26, 2020 :: 9:27 pm

so i got an email from someone from my own domain it says mail-by sign by Hotmail
and as I said I checked original header I found my webmail Ip.. as long as I know I set my spf records to reject and all did as it supposes to be..  some spoor guy send me an email from my own domain ..t says mail by my own is there any way to stop they do that?


Question about forwarded emails

From Gordon on July 30, 2020 :: 1:20 am

Hi Josh,

Great piece. Very useful.

Question: is it possible to find the domain/IP and Received field info in an email that has been forwarded to you?

I’m looking into a phishing case and asked the victim to send me an email from the person conducting it. When I look into the header of the email the victim sent me I only see info about the forwarder, not the original sender.*

Is there a way to dig deeper?

Any help would be appreciated.


(* To view the full header I forwarded the forwarded email to my own Gmail account because that’s how I know to look at a full header. Can’t do it in Protonmail.)


Not usually possible

From Josh Kirschner on July 30, 2020 :: 10:03 am

From what I’ve seen, the original sender info doesn’t get transferred when someone forwards a message to you. The best option is probably to have the victim screenshot the info and send it to you. Though, realistically, I would be surprised if the person doing the phishing wasn’t using TOR or a VPN to anonymize their location.


Forwarded emails

From Gordon on July 30, 2020 :: 7:26 pm

Thanks, that’s what I thought…
I also suspect the phisher would be disguising their origin and identity but I need to confirm that.
I already know they have cloned two email addresses to look like Yahoo addresses but they have both been spoofed. I’m trying to work out what the real addresses are.
Cheers and thanks for your time. I’m learning a lot from this site. I teach fact checking and verification to journalism students and this stuff is very useful.


Let me clarify my response

From Josh Kirschner on July 31, 2020 :: 1:23 am

Since you teach fact checking, I need to fact check my earlier answer, which wasn’t quite accurate. It is likely that the sender is using an anonymizing service, like TOR, to access the sending account (to avoid tracing by law enforcement). But the email header wouldn’t contain the IP address associated with the sender’s IP address (hidden or otherwise); it would have the IP address/domain of the sender’s email server. That server would almost certainly be another dead end, since it was probably hacked or set up on a sketchy shared server provider and hidden behind an anonymous registration. Though you could always get lucky….

kinda ironic

From Micki on September 25, 2020 :: 3:28 pm

So I get this email from this morning with the following subject title:

“How to Tell if an Email is Real of Spoofed”

Yes - typo included!  I chuckled because the first thing I look for in an email that’s trying to get me to click on links is GRAMMAR and SPELLING!

So I did not click on this particular email’s link - instead, I just went to to send you this comment.

Thanks for the smile today!


Spoof MY email

From Melle on October 20, 2020 :: 8:56 pm

Hi, I received an email addressed to .(JavaScript must be enabled to view this email address).  I dont have aol. It showed up in a personal email that I do NOT use for sales-y stuff and never get spam.  When I try to dig into the actual address that it was sent to, I cannot find anything.  Im sure its spoofed but I’m used to seeing this on the FROM field, not TO.  How do I verify?


Googles Header analyzer tool

From Ronnie Walker on October 30, 2020 :: 7:08 am

I used the tool on an email in my inbox not spam or junk folder and the results come back as being sent from google

Here is the header

Will send header over next two post to long to put in one comment

Delivered-To: .(JavaScript must be enabled to view this email address)
Received: by 2002:a05:6504:1389:0:0:0:0 with SMTP id k9csp822192lto;
      Wed, 28 Oct 2020 15:49:13 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJy+l41b7KnNPYWAgmqCfM5sdYMCJbkOEWfBtGM8EduYFZIi91MMz6cPfVXGDzEEFZVLWknQ
X-Received: by 2002:a9f:2261:: with SMTP id 88mr1460064uad.32.1603925353509;
      Wed, 28 Oct 2020 15:49:13 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1603925353; cv=none;; s=arc-20160816;
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arc-20160816;


Googles Header analyzer tool #2

From Ronnie Walker on October 30, 2020 :: 7:14 am

ARC-Authentication-Results: i=1;;
    dkim=pass header.s=20161025 header.b=“W2C9/WKO”;
    spf=pass ( domain of .(JavaScript must be enabled to view this email address) designates as permitted sender);
    dmarc=pass (p=NONE sp=QUARANTINE dis=NONE)
Return-Path: <>
Received: from ( [])
      by with SMTPS id h5sor348115vsm.22.2020.
      for <>
      (Google Transport Security);
      Wed, 28 Oct 2020 15:49:13 -0700 (PDT)
Received-SPF: pass ( domain of .(JavaScript must be enabled to view this email address) designates as permitted sender) client-ip=;
    dkim=pass header.s=20161025 header.b=“W2C9/WKO”;
    spf=pass ( domain of .(JavaScript must be enabled to view this email address) designates as permitted sender);
    dmarc=pass (p=NONE sp=QUARANTINE dis=NONE)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025;
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025;
X-Gm-Message-State: AOAM5322+yZCcBIh/4JlUjAAf5e8SbIvPWe1+AZTAxjyMuD+2QLutv15 XBbR3zHS3xX9y6iCoSFIpCQB14GzO7PR3m19UzE=
X-Received: by 2002:a05:6102:3c8:: with SMTP id n8mt1239210vsq.31.1603925353150; Wed, 28 Oct 2020 15:49:13 -0700 (PDT)
MIME-Version: 1.0
References: <>
In-Reply-To: <>
From: Stephanie Ly <>
Date: Thu, 29 Oct 2020 04:49:01 +0600
Message-ID: <>
Subject: Re:
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary=“000000000000ec68f705b2c2f8ce”
Bcc: .(JavaScript must be enabled to view this email address)


Googles Header analyzer tool #3

From Ronnie Walker on October 30, 2020 :: 7:15 am

Content-Type: text/plain; charset=“UTF-8”
Content-Transfer-Encoding: quoted-printable

On Thu, Oct 29, 2020 at 4:47 AM Stephanie Ly <> wrote=

> *Hey baby I just started telling you about myself and what my plans are I
> want one woman I want I’m a ladies man and you know I want a relationship
> I’m fixing to buy a house in another year I’m in recovery I don’t drink.
> But it’s cool if you drink I don’t drink or drugs no no good but I*
> *=F0=9F=91=97=F0=9F=91=99=F0=9F=91=99=F0=9F=91=9D=F0=9F=92=AC=F0=9F=97=A8=
> *  Sent from my iPhone   *





received from not a match, spf pass

From justina on December 02, 2021 :: 4:41 am

my Received from says google, but the sender domain is not google, its their website name. but the SPF says pass. does this just mean they are hosted by google? or that they have a personal email this is forwarded to?? also every time i look up the ip on different sites, i sometimes get different locations but it says google on the reverse lookup

i am new to this, learning as i go, so hopefully i provided the right information and its not a silly question..


Please help

From dawn chappel on July 28, 2022 :: 10:28 am

This person hacked into my back account





Contents of old mails sent

From JAMES N on March 22, 2023 :: 5:45 am


I keep receiving mail from people I know and also strangers with spoofed email IDs.
The issue is the content of emails, which are from different email addresses that I sent emails to years ago, and contain the content I have sent out in the original mail to the sender.
So someone has my mail contents and is using them as a template to phish.
how can this happen?


Have you changed your password?

From Josh Kirschner on March 22, 2023 :: 11:53 am

It’s hard to diagnose what is actually happening without seeing the specific emails in question. However, if there is something going on that makes you think someone has access to your email content, the safest thing to do would be to follow our advice on securing your email in our story on What to Do when Your Email Gets Hacked.


From Mark Anderson on August 29, 2023 :: 4:03 am

Thanks for the article, most interesting.

As you say the SPF is not a particularly accurate means of validating an email as it is a bit of a lottery.

I am however interested in the Receive: from field.

Could you let me know if that field is Always accurate ?

For example
If .(JavaScript must be enabled to view this email address) sends an email
or .(JavaScript must be enabled to view this email address) sends an email

is that field guaranteed to contain
respectively ?

If say a scammer sent an email to .(JavaScript must be enabled to view this email address) from an email I recognize, say .(JavaScript must be enabled to view this email address)
but his SMTP is
Is it guaranteed that the Receive: from field will contain and there is no way that can be fiddled with ?

Thank you


Received from field Question

From Mark Anderson on August 29, 2023 :: 4:12 am

I am trying to post a message here but your server keeps timing out.

