Email Spoofing & Backlashes

The email service is a core platform for Mass communication as a consequence of which, it becomes central Target of all the social engineering and phishing attacks. As a consequence, attackers can try to impersonate or fake a trusted identity to carry out highly sophisticated and deceptive phishing attacks via Email Spoofing. In this work, we analyze: (1) how different Email providers detect and deal with such attacks? (2) Existing protection techniques and what is its scope of effectiveness? (3) Under Which conditions do spoofed emails reach inbox and its potential consequences? (4) Best practices and Adaptability apart from existing methods to remain secure. We address this concern by considering the parameters of top 25 email services (Used by more than billions of users) and also real world experiments. The existing protocols, security layers and the restrictions based on detection methods. The scale of implications by allowing the forged emails to enter the inbox despite getting detected by layers of SPF, DKIM, DMARC and ARC. The extent of problems caused in different paradigms, and the potential of having just SMTP implemented without any additional security layers within the domains. The impact of Misleading UI for allowed spoofed emails by providers is also discussed briefly. We observe the impression of security when users are caught off guard in real world testing on domains (eg. Gmail, Hotmail, Yahoo mail, etc ) by simple platforms to spoof (eg. emkei.cz) apart from discussing the anomalous behavior of gmail as a response. We have conducted experiment to analyze behavior of top email domains against spoofed emails of various types