E-mail Spoofing : Comment l’éviter et protéger votre entreprise

E-mail Spoofing : Comment l’éviter et protéger votre entreprise


Vous est-il déjà arrivé de recevoir un e-mail qui semblait légitime — avec le bon logo, un ton familier — mais qui vous a tout de même paru suspect ? Pire encore, un de vos clients vous a-t-il déjà contacté après avoir reçu un e-mail douteux qui semblait provenir de votre entreprise ?
C’est ça, le spoofing d’e-mail.
Le spoofing d’e-mail est une technique utilisée par des cybercriminels pour falsifier l’adresse de l’expéditeur afin de faire croire que le message provient d’une source fiable — souvent une entreprise connue. Leur objectif ? Tromper le destinataire pour l’amener à cliquer sur un lien malveillant ou à divulguer des informations sensibles.
Dans cet article, nous allons vous expliquer comment fonctionne le spoofing d’e-mail, les risques qu’il représente et, surtout, les actions que vous pouvez mettre en place pour protéger votre entreprise et vos clients.

À quoi ressemble un e-mail spoof ?

Voici les éléments clés à surveiller pour identifier un e-mail spoofé :
  • Spoofing du nom d’affichage : un e-mail où le nom d’affichage est identique ou très proche de celui d’un employé réel de l’entreprise. Cela crée un faux sentiment de légitimité.
  • Spoofing du domaine : l’expéditeur falsifie non seulement le nom d’affichage, mais aussi le nom de domaine de l’entreprise. L’adresse e-mail semble alors provenir du domaine officiel, rendant la fraude plus difficile à détecter.
  • Adresse de l’expéditeur suspecte : c’est souvent un indice révélateur. Même si le nom d’affichage peut sembler familier, le domaine qui suit le symbole “@” est souvent différent ou étrange. Cela trahit généralement une tentative de spoofing.
  • Un ton pressant ou menaçant : les cybercriminels utilisent souvent un langage alarmant pour pousser le destinataire à agir rapidement, sans prendre le temps de réfléchir. Cela peut inclure des menaces ou une fausse urgence.
  • Promesses de gains ou de cadeaux : ces e-mails prétendent souvent que vous avez gagné un prix ou une récompense. Cela pousse les victimes à fournir des informations personnelles ou à cliquer sur des liens ou pièces jointes malveillants pouvant infecter leurs appareils.
  • Incohérences visuelles : certains e-mails spoofés présentent des logos obsolètes, des fautes de mise en page ou un format différent des communications habituelles de l’entreprise. Bien que les fraudeurs deviennent de plus en plus habiles à imiter le style visuel, certaines tentatives restent faciles à repérer.

Stopper le spoofing d’e-mail : les bonnes pratiques à connaître

Le spoofing d’e-mail peut être limité, voire empêché, en configurant plusieurs mécanismes d’authentification comme SPF, DKIM et DMARC. Chacun joue un rôle distinct dans la vérification des messages, mais c’est leur mise en œuvre conjointe qui permet de protéger efficacement votre domaine contre les tentatives de spoofing.

Sender Policy Framework (SPF)

SPF est un protocole d’authentification des e-mails conçu pour vérifier l’identité de l’expéditeur.
Pour mettre en place SPF, vous devez déclarer les adresses IP ou serveurs de messagerie autorisés à envoyer des e-mails en votre nom. Lorsqu’un e-mail est reçu, le serveur de réception interroge le serveur DNS du domaine pour vérifier si l’adresse IP de l’expéditeur figure bien parmi celles autorisées. Si ce n’est pas le cas, le message peut être marqué comme suspect ou bloqué.
L’e-mail n’est délivré dans la boîte de réception du destinataire que s’il provient d’une adresse IP autorisée et s’il réussit la validation SPF. En configurant correctement les enregistrements SPF, vous pouvez améliorer la délivrabilité de vos messages, réduire les risques de spam et prévenir l’usurpation d’adresse e-mail.


DomainKeys Identified Mail (DKIM)

DKIM est une signature numérique ajoutée à chaque e-mail que vous envoyez. Elle fonctionne en complément des enregistrements SPF.
En plus de vérifier l’authenticité de l’expéditeur, DKIM permet de s’assurer que le contenu du message n’a pas été altéré ou modifié pendant son acheminement. C’est un moyen efficace de garantir l’intégrité des e-mails et de renforcer la confiance des destinataires.
Pour configurer DKIM, il faut publier une clé publique dans les enregistrements DNS de votre domaine. Lorsqu’un e-mail est envoyé, votre serveur génère une empreinte numérique du message (incluant le contenu et les titres) et la signe à l’aide d’une clé privée, qui reste confidentielle.
Lors de la réception, le serveur du destinataire utilise la clé publique pour vérifier si cette signature est bien authentique. Si l’empreinte correspond, cela signifie que le message n’a pas été altéré pendant son envoi.
Cette méthode garantit l’intégrité de vos e-mails et empêche les attaquants de se faire passer pour vous, puisqu’ils ne possèdent pas la clé privée nécessaire pour signer les messages.

DMARC (Domain-based Message Authentication, Reporting and Conformance)

DMARC est une méthode d’authentification avancée conçue pour prévenir le spoofing e-mail. Elle repose sur les protocoles SPF et DKIM, et permet de définir une politique claire à appliquer lorsqu’un message échoue à ces vérifications.
Concrètement, DMARC vous permet de publier une politique dans votre DNS indiquant aux serveurs de messagerie des destinataires quoi faire lorsqu’un e-mail ne passe pas les contrôles SPF ou DKIM. Trois actions sont possibles :
Action 1 : Aucune action
Aucune mesure n’est prise, même si le message échoue aux vérifications SPF ou DKIM.
L’e-mail est quand même transmis dans la boîte de réception du destinataire.
Action 2 : Quarantine
L’e-mail est livré, mais redirigé vers le dossier des spams ou courrier indésirable, car il n’a pas passé les contrôles SPF/DKIM.
Action 3 : Rejeter
Si cette politique est choisie, tout e-mail qui échoue aux vérifications SPF ou DKIM est simplement rejeté. Il ne sera jamais livré au destinataire.


Comment Zoho Campaigns vous aide à prévenir le spoofing d’identité par email et à protéger votre domaine

Zoho Campagins permet à chaque utilisateur de configurer facilement les enregistrements SPF et DKIM afin d’authentifier son domaine.
Si un email réussit les vérifications SPF et DKIM, la politique DMARC ne s’applique pas. En revanche, si l’une de ces vérifications échoue, le serveur de réception consulte alors la politique DMARC du domaine pour déterminer comment traiter le message. Il est important de noter qu’une politique DMARC ne peut être activée qu’après la mise en place des enregistrements SPF et DKIM, sans quoi la validation DMARC échouera.
Une fois l’authentification SPF et DKIM configurée pour votre domaine, vous pouvez définir la politique DMARC dans les enregistrements DNS de votre domaine. Vous pouvez en apprendre davantage sur la configuration des enregistrements DMARC ici.
Configurer SPF et DKIM permet non seulement de lutter contre spoofing e-mail, mais aussi d’améliorer la délivrabilité de vos messages. En plus de SPF et DKIM, Zoho Campaigns propose également plusieurs fonctionnalités axées sur la délivrabilité, afin d'assurer que vos emails atteignent toujours la boîte de réception.
E-mail spoofing évolue constamment, et rester passif face à cette menace peut entraîner des pertes financières ou nuire à la réputation de votre entreprise.
En mettant en place de manière proactive des protocoles d’authentification email tels que SPF, DKIM et DMARC, les entreprises peuvent réduire considérablement les risques liés à l’usurpation d’identité par email.

L'équipe Zoho France

    • Sticky Posts

    • Collaboration sans faille avec Zoho One

      Bonjour à tous, Dans cet article nous allons voir comment Zoho One permet une collaboration à différents niveaux .       La façon dont nous travaillons évolue. À mesure que les entreprises se mondialisent, la plupart des activités sont menées en équipe.

    • Recent Topics

    • Descargas en learn

      Buenos dias, yo en mis cursos para no tener que cargar los archivos que utilizare en las lecciones decidi utilizar la opcion de bloques para añadir un enlace de mi workdrive con el video que deseo para que sea todo mas organizado, pero hay un problema.

    • Mail delivery

      I initially had a problem sending any outgoing mail and was able to fix it on my own, given Zoho support never got back to me. However, despite being able to send emails now, none of my mail to different Gmail addresses are arriving, and they are not

    • Mermaid Support & Zoho Learn

      Hi Zoho Team, I’m currently working with Zoho Learn and was wondering if there’s any way to add support for Mermaid syntax to create flowcharts, sequence diagrams, and other visual elements within articles or lessons. Mermaid is widely used in technical

    • Blocked due to VPN

      Hi My account outgoing mails and IMAP access have been blocked due to using a vpn being interpreted as suspicious logins. I’ve tried to mail support but not sure if this is also blocked. This is extremely frustrating as I’m using a vpn because I’m travelling

    • reset admin access.

      I am a user under the domain @lanutraceuticals.com. I do not have admin access. Kindly let me know the administrator contact or help me reset admin access.”

    • Unsubscripation booked domin

      Kindly Un subscription booked domain

    • How to change Super Admin

      Good Day, Can someone kindly guide me on how to change the super Administrator. I have tried many times but could not succeed.

    • Events disappearing in Calendar

      To reproduce the bug: 1.- Add a new event in Calendar 2.- Type any name for the Event 3.- Click "Create" 4.- The event appears 5.- Click on the event to open it 6.- Optional: Edit the event 7.- Click OK 8.- After two seconds, the event disappears Now, click on another day and then come back to the inserted event's day. The event appears.

    • Mail transfer to a contact with multiple accounts

      Hi, Since we can only associate one email for a Contact across Zoho, would it be a problem if we want to merge our mailbox in the future? For example, Mr. Jones is the main POC for 5 accounts, once we merge our mail where would the messages go-- is it

    • @mention not working in Mail

      Am I missing something? When trying to forward a message there is a hint you could do this also by "@mention" at the end of the message. When typing (for example) "@s.." there should appear addresses from my contacts, shouldn´t it? But nothing happens! So what can I do? Best regards and thanks for any help in advance! JH P.S.: Sorry for my bad English.

    • Enable Zia-Powered Deluge Assistance and AI Agent Without Mandatory OpenAI Integration

      Hi Zoho Creator Team, Hope you're doing well. We’d like to request a feature enhancement related to Zia's AI capabilities in Zoho Creator, particularly regarding Deluge Assistance and the AI Agent. Currently, as shown in your documentation (Generate Deluge

    • Zoho Sign community meetup series - India

      Hello everyone! Zoho Sign is a comprehensive digital signature application tailor-made for Indian businesses with unique features like Aadhaar eSign, eStamping, USB/PFX signing. We are now excited to announce our first meetup series for Zoho Sign in India,

    • Product Updates in Zoho Workplace applications | June 2025

      Hello Workplace Community, Let’s take a look at the new features and enhancements that went live across all Workplace applications this June. Zoho Mail Slideshow view for inline images in Notes View all your inline images added in a notes in a effortlessly

    • Assign multiple vendors to the same product

      Guys, My business often purchase the same product from several vendors (based on price and availability). Is it possible to assign more than one vendor to the same product? I saw this same question in this forum, from some time ago. Is this feature available or, at least, in Zoho's roadmap? If not, is there any trick to solve my problem? Without this feature, I simply cannot manage my company's inventory, limiting very much the use of Zoho CRM. Waiting for your reply. Leonardo Kuba Sao Paulo / Brazil

    • Is there as way to shut off the invitation when you set up a new user?

      Is there as way to shut off the invitation when you set up a new user?  I would like to get all my users in the system, my org structure set up and tested, etc, BEFORE I invite the users.  I did not see a way to shut of the automatic invitation email.  The only way to get around it is to set up the users with no Email ID.  However, when you do that - you get into the problem of not being able to update a user's Email ID (which makes NO sense whatsoever).  If I set up a user with an incorrect email

    • Manage Engine login issue

      App not available The app you're trying to access isn't yet available in the in data center region, where your account is present. To use ManageEngine, you can sign up for a new account in another data center region. Learn How Go to Zoho accounts Please

    • Zoho Creator - users "Name" Column

      Hi, When you add user to an application inside Zoho Creator, the system generate an account name for it. We don't have the  ability to change this name. According to Zoho creator Support (Case:11523656) : "The values displayed under 'Name' column of 'Users & permissions' section, is actually the respective account's username and not the actual name specified on the account. Usernames are system designated based on the account email address and cannot be modified from your end." We need to have the

    • Zoho Assist Unattended - devices disappearing

      Hello, I've recently introduced a new model of laptops into our environment (Lenovo Legion). We are experiencing an issue where only the latest installed agent - laptop is visible in Assist. This issue does not appear with our Dell inventory. Example:

    • Searchable email tab in Bigin

      Hi team, Could I please request a feature update, to be able to search emails within the email tab of Bigin. We have large correspondence with some agents and it would be very helpful if we are able to search from this section:

    • The silent force behind great customer service

      Customer service is known to be a demanding role. Customer service agents are expected to bring empathy, clarity, and human connection to every voice call, chat, and remote session, even if the situation requires some time for customers facing stressful,

    • New From Email in Zoho Desk

      Dear ZohoSupport, We are trying to establish a new From Address in Zoho Desk but we are facing difficulties. When trying to use the smtp.office365.com SMTP Server, after clicking the Save and Verify button, the Authentication Failed error pops up although,

    • Option in pipeline deal to select which hotel or branch or store if client has more than one local store

      Hi, I would like to know if there is an option in the deal pipeline to select which hotel, branch, or store a deal is related to—if the company has more than one location. For example, I have a client that owns several hotels under the same company, and

    • Aggregate SalesIQ Knowledge Base Interactions into Zoho Desk Knowledge Base Dashboard

      Hello Zoho Desk Team, We hope you're doing well. We’d like to request a feature enhancement related to the Zoho Desk Knowledge Base dashboard and its integration with Zoho SalesIQ. 🎯 Current Limitation When customers interact with knowledge base articles

    • Add Prebuilt "Partner Finder" Template with Native Zoho CRM Integration in Zoho Sites To: Zoho Sites Product Team

      Hi Zoho Team, We hope you're doing well. We would like to request a prebuilt "Partner Finder" template for Zoho Sites, modeled after your excellent implementation here: 🔗 https://www.zoho.com/partners/find-partner-results.html ✅ Use Case: Our organization

    • Admin Visibility and Control Over Group Chats in Zoho Cliq

      Hello Zoho Cliq Team, We hope you're doing well. While we appreciate the current capabilities in Zoho Cliq — including the ability to restrict who can create group chats and configure user permissions — we would like to request several enhancements to

    • Update Regarding Zoho Finance Applications' Domains For API Users

      Hi users, Until now, both the Zoho Finance apps and their APIs shared a common domain. We've recently introduced separate domains for APIs. You can now start using the new domains for API calls. The old domains will not work for API users starting April

    • Ability for Agents to Initiate Voice Calls With Site Visitors Without Active Chat Session

      Dear Zoho SalesIQ Team, Greetings, We would like to request a feature enhancement related to the voice call functionality in Zoho SalesIQ. Current Limitation: At the moment, voice calls can only be initiated by agents after a chat session has been started

    • Add new Card

      How do you add a new credit card to a contact with Zoho API as can be done on web.  I am not able to find way to do this with Books API, CRM API or Subscriptions API.  This is an issue for our company as we do migration from a different system.  I can add card to a subscription through Subscriptions API, but some of our customers may not have a subscription, but only invoices set up in Zoho Books.  Is there any way in Zoho API to add new credit card to contact/customer?

    • Benchmark for Using Mail Merge in Service Order Scopes

      Hello, I was wondering if Zoho CRM has a benchmark or best practices for utilizing Mail Merge in service order scopes. Specifically, I'm looking for guidance on how to effectively integrate this feature for creating and managing service orders, especially

    • This user is not allowed to add in Zoho. Please contact support-as@zohocorp.com for further details

      Hello, Just signed up to ZOHO on a friend's recommendation. Got the TXT part (verified my domain), but whenever I try to add ANY user, I get the error: This user is not allowed to add in Zoho. Please contact support-as@zohocorp.com for further details I have emailed as well and writing here as well because when I searched, I saw many people faced the same issue and instead of email, they got a faster response here. My domain is: raisingreaderspk . com Hope this can be resolved.  Thank you

    • Why don't we have better integration with Mercado Pago or Pagseguro?

      Currently, the integration between Zoho Commerce and Mercado Pago for Brazil is very poor... Since it is old, it does not include the main payment method in Brazil today, which is PIX. Is there a date for this to finally be launched? There are numerous

    • two columns layout

      it's actually frustrating to not have this feature, I actually had to convince my employer to subscribe to zoho forms and integrate it with zoho crm, but because of this feature not beeing provided, our forms looks unnecessarly long and hideous. 

    • Sync Zoho Desk Help Center Category Icons to SalesIQ Articles

      Dear Zoho SalesIQ Team, Greetings, We are using the integration between Zoho SalesIQ and Zoho Desk to sync articles from our Zoho Desk Knowledge Base into SalesIQ. While this integration works well for syncing article content, we’ve noticed a visual inconsistency:

    • Company Name not pre-populating when using Quick Create: Contact

      Hi Devs, This has bugged me for a long time, and it's a simple UX design change to solve it. Problem: Users creating Contacts not linked to Companies/Accounts Cause: When a user creates an Opportunity where after browsing the Contacts they realise they

    • Spell Checker in Zoho desk

      Is there a way to set always check spelling before sending? Outlook does this and it is a handy tool to avoid typos

    • Enable Sync of SalesIQ Article Interactions to Zoho Analytics for Unified Knowledge Base Reporting

      Dear Zoho SalesIQ and Zoho Analytics Teams, Greetings, We’d like to formally request an enhancement to enable SalesIQ article interaction data to be synced with Zoho Analytics, so that we can obtain a unified view of our knowledge base performance metrics

    • How to enter membership share, sold or reimburse

      Hello, First, I am just begining taking care of the accounting of my organisation, and new also to Books. In Books, our accounting plan has an account #3900 - Share capital, that cumulates the share our member pay. How do I write a sale or a reimbursement

    • Ability for me to take the issued PDF certification on successful completion of a course then push to zoho sign in order that it is digitally certified

      How can I take the issued PDF certification on successful completion of a Zoho Learn course then trigger a workflow to push to Zoho Sign in order that it is digitally certified, hosted on the blockchain and then push to Zoho Workdrive to be hosted off

    • Candidates rejection process

      Is there a way to get ZOHORecruit to automatically send out an email to candidates that are rejected?

    • Multi file upload

      Hi, I just wonder if one could upload multiple files in one shot, say between one and three files, without adding multiple File Upload fields? Thanks, Alalbany

    • Next Page