Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Distributors of spam often use spoofing in an attempt to get recipients to open, and possibly even respond to, their solicitations. However, spoofing anyone other than yourself is illegal in some jurisdictions.

Email spoofing is possible because Simple Mail Transfer Protocol (SMTP), the main protocol used in sending email, does not include an authentication mechanism (other than a Reverse DNS Lookup). Although an SMTP service extension (specified in IETF RFC 2554) allows an SMTP client to negotiate a security level with a mail server, this precaution is not often taken. If the precaution is not taken, anyone with the requisite knowledge can connect to the server and use it to send messages.

To send spoofed email, senders insert commands in headers that will alter message information. It is possible to send a message that appears to be from anyone, anywhere, saying whatever the sender wants it to say. Thus, someone could send spoofed email that appears to be from you with a message that you didn't write.

Although most spoofed email falls into the "nuisance" category and requires little action other than deletion, the more malicious varieties can cause serious problems and security risks. For example, spoofed email may purport to be from someone in a position of authority, asking for sensitive data, such as passwords, credit card numbers or other personal information - any of which can be used for a variety of criminal purposes. The Bank of America, eBay, and Wells Fargo are among the companies recently spoofed in mass spam mailings. One type of email spoofing, self-sending spam, involves messages that appear to be both to and from the recipient.


It is also common for a virus, after infecting a PC, to spoof email addresses found in the address book of your email program. A mass-mailing worm can select from a list of email subjects in the address book, message bodies and attachment file names for its email messages. It spoofs the sender name of its messages so that they appear to have been sent by different users instead of the actual users on the infected machines. Then, when a message fails, public records route the error back to your inbox.

SMTP authentication requires a user to supply a user name and password before sending a message through the email server that your domain is hosted on. Any online user can spoof any email address from any computer, but with SMTP authentication turned on, they would not be able to send a message through your email server.

Most large email providers now filter on SPF (Sender Policy Framework), which does not accept a message unless it is verified by the Domain Name Servers (DNS). However, there are still some servers that accept messages without SPF, and therefore it is still possible for someone to spoof your email account.