Phishing
Fraudulent emails impersonating legitimate senders to steal personal information or credentials.
Definition
Phishing is a type of cyber attack using fraudulent emails (or other communications) that impersonate legitimate senders to trick recipients into revealing sensitive information like passwords, credit card numbers, or personal data. Phishing emails often mimic trusted brands, create urgency, and link to fake websites. Email authentication helps prevent your domain from being used in phishing attacks.
Why It Matters
For email marketers, phishing matters in two ways: protecting your subscribers from attacks impersonating your brand, and understanding why email authentication is essential. Phishing can damage brand trust, even when you are the victim. Proper DMARC setup prevents attackers from spoofing your domain.
How It Works
Attackers send emails appearing to come from trusted sources (banks, services, brands). These emails typically create urgency ('Your account is compromised!') and include links to fraudulent websites designed to capture login credentials or personal information. Without email authentication, attackers can spoof any domain.
Best Practices
1. Implement SPF, DKIM, and DMARC to prevent domain spoofing
2. Educate subscribers about how you will (and will not) contact them
3. Never ask for sensitive information via email
4. Use consistent branding so subscribers recognize legitimate emails
5. Monitor for brand impersonation attempts
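
An added example, not part of the original page: a Python check for the first best practice that takes a domain's published SPF and DMARC TXT records and reports whether they actually enforce anything or only exist on paper. The function names are hypothetical, and the records are constructed samples for the placeholder domain example.com.

```python
def parse_tags(record):
    """Split a 'tag=value; tag=value' DMARC record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags


def audit_spoofing_protection(spf_record, dmarc_record):
    """Return a list of findings; an empty list means both records enforce."""
    findings = []

    # SPF: the record must exist and must not let every host pass.
    spf_terms = (spf_record or "").lower().split()
    if not spf_terms or spf_terms[0] != "v=spf1":
        findings.append("SPF: no valid record published")
    elif any(term in ("all", "+all") for term in spf_terms):
        findings.append("SPF: '+all' lets any server pass as this domain")

    # DMARC: p=none only reports; quarantine/reject ask receivers to act.
    tags = parse_tags(dmarc_record or "")
    if tags.get("v") != "dmarc1":
        findings.append("DMARC: no valid record published")
        return findings
    policy = tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC: missing or invalid p= tag")
    elif policy == "none":
        findings.append("DMARC: p=none is monitor-only, receivers are asked to take no action")
    # pct defaults to 100; a lower value applies the policy to only part of the mail.
    pct = tags.get("pct", "100")
    if policy in ("quarantine", "reject") and pct.isdigit() and int(pct) < 100:
        findings.append(f"DMARC: pct={pct} applies the policy to only some failing mail")
    return findings


# Constructed sample records (SPF, DMARC) for the placeholder domain example.com.
WEAK = ("v=spf1 include:_spf.example.com +all",
        "v=DMARC1; p=none; rua=mailto:dmarc@example.com")
PARTIAL = ("v=spf1 include:_spf.example.com ~all",
           "v=DMARC1; p=quarantine; pct=25")
ENFORCED = ("v=spf1 include:_spf.example.com -all",
            "v=DMARC1; p=reject; rua=mailto:dmarc@example.com")

if __name__ == "__main__":
    for name, (spf, dmarc) in [("weak", WEAK), ("partial", PARTIAL), ("enforced", ENFORCED)]:
        print(name, audit_spoofing_protection(spf, dmarc) or "OK")
```

The weak pair shows the common failure: both records are published, yet neither one tells a receiver to reject mail that spoofs the domain.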