It’s not the only thing that email providers use to determine if an email is suspicious, but it’s one of the more important checks they do.While email is slowly being replaced by other forms of communication such as text messaging, or services like Slack, it is still the main way people do business. If they don’t match, especially if they’re from completely different domains, that’s a red flag. One of the things these companies look for is that the “From” address matches the “Sender” address. Your email provider, be that Microsoft, Google, Apple, Yahoo, or any other provider, scans the email headers of every email you receive. RELATED: How Scammers Forge Email Addresses, and How You Can Tell Scammers set up their SMTP servers to allow all of their emails though, forcing large providers like Google and Microsoft into a constant arms race to detect and stop scam and phishing emails from getting into your inbox. Scammers and phishers don’t use the big providers-they set up their own SMTP servers and send emails through those instead. Large email providers have all kinds of checks and protocols to try to find spam and phishing emails, including emails sent from a fake address. How Do Scammers Use Fake “From” Addresses? Check your provider’s terms first though, as some might have a provision against doing this. The easiest way to find out is to try it in Outlook and see what happens. Other email providers will usually handle emails with the “wrong” address in a similar way to either Google or Microsoft. The server will then send the email to the recipient, regardless of whether you’ve added the account to Outlook. However, if your company uses a Microsoft Exchange server to handle its email, it’s normally configured to allow you to send an email from any account you have access to, even if that account has not been added to your Outlook.įor example, if you have permission to send emails from Outlook will send the email to the Exchange server and check that you have permission to send emails from the address. You’ll receive a Delivery Failure Notification instead. If you try to send an email from an address that you don’t have permission to access, a Microsoft email server (commonly referred to as an Exchange server) will not send the email. Microsoft-hosted email accounts do things a bit differently. In our example in the screenshots, Outlook sent the email to Gmail’s SMTP server, which worked out that the email address we were sending belong to us, and so instead the recipient received an email from our original Gmail address. Google simply ignores the new email address you’ve used, and the recipient will see your Gmail address. RELATED: Why Am I Getting Spam From My Own Email Address? How each provider handles this situation is a bit different. The big email providers, such as Google, Microsoft, Apple, and Yahoo, use something called SPF (Sender Policy Framework), DMARC (Domain-based Message Authentication, Reporting, and Conformance), and DKIM (Domain Keys Identified Mail) to prevent (among other things) people from sending emails from addresses (spoofing) that aren’t theirs. What will happen with your email is entirely dependent on how your email provider’s SMTP server is configured. The client simply sends the email to your provider’s SMTP server (Simple Mail Transfer Protocol server, often called a mail server), and lets the SMTP server decide what to do with your email.
Microsoft Outlook itself, and other email clients like Thunderbird or Apple Mail, don’t do any checking on the email address from which you send.
How Email Providers Handle Messages Sent From a Different “From” Address Both of those answers are dependent on who your email provider is.