E-mail Spoofing : Comment l’éviter et protéger votre entreprise
Vous est-il déjà arrivé de recevoir un e-mail qui semblait légitime — avec le bon logo, un ton familier — mais qui vous a tout de même paru suspect ? Pire encore, un de vos clients vous a-t-il déjà contacté après avoir reçu un e-mail douteux qui semblait provenir de votre entreprise ?
C’est ça, le spoofing d’e-mail.
Le spoofing d’e-mail est une technique utilisée par des cybercriminels pour falsifier l’adresse de l’expéditeur afin de faire croire que le message provient d’une source fiable — souvent une entreprise connue. Leur objectif ? Tromper le destinataire pour l’amener à cliquer sur un lien malveillant ou à divulguer des informations sensibles.
Dans cet article, nous allons vous expliquer comment fonctionne le spoofing d’e-mail, les risques qu’il représente et, surtout, les actions que vous pouvez mettre en place pour protéger votre entreprise et vos clients.
À quoi ressemble un e-mail spoof ?
Voici les éléments clés à surveiller pour identifier un e-mail spoofé :
- Spoofing du nom d’affichage : un e-mail où le nom d’affichage est identique ou très proche de celui d’un employé réel de l’entreprise. Cela crée un faux sentiment de légitimité.
- Spoofing du domaine : l’expéditeur falsifie non seulement le nom d’affichage, mais aussi le nom de domaine de l’entreprise. L’adresse e-mail semble alors provenir du domaine officiel, rendant la fraude plus difficile à détecter.
- Adresse de l’expéditeur suspecte : c’est souvent un indice révélateur. Même si le nom d’affichage peut sembler familier, le domaine qui suit le symbole “@” est souvent différent ou étrange. Cela trahit généralement une tentative de spoofing.
- Un ton pressant ou menaçant : les cybercriminels utilisent souvent un langage alarmant pour pousser le destinataire à agir rapidement, sans prendre le temps de réfléchir. Cela peut inclure des menaces ou une fausse urgence.
- Promesses de gains ou de cadeaux : ces e-mails prétendent souvent que vous avez gagné un prix ou une récompense. Cela pousse les victimes à fournir des informations personnelles ou à cliquer sur des liens ou pièces jointes malveillants pouvant infecter leurs appareils.
- Incohérences visuelles : certains e-mails spoofés présentent des logos obsolètes, des fautes de mise en page ou un format différent des communications habituelles de l’entreprise. Bien que les fraudeurs deviennent de plus en plus habiles à imiter le style visuel, certaines tentatives restent faciles à repérer.
Stopper le spoofing d’e-mail : les bonnes pratiques à connaître
Le spoofing d’e-mail peut être limité, voire empêché, en configurant plusieurs mécanismes d’authentification comme SPF, DKIM et DMARC. Chacun joue un rôle distinct dans la vérification des messages, mais c’est leur mise en œuvre conjointe qui permet de protéger efficacement votre domaine contre les tentatives de spoofing.
Sender Policy Framework (SPF)
SPF est un protocole d’authentification des e-mails conçu pour vérifier l’identité de l’expéditeur.
Pour mettre en place SPF, vous devez déclarer les adresses IP ou serveurs de messagerie autorisés à envoyer des e-mails en votre nom. Lorsqu’un e-mail est reçu, le serveur de réception interroge le serveur DNS du domaine pour vérifier si l’adresse IP de l’expéditeur figure bien parmi celles autorisées. Si ce n’est pas le cas, le message peut être marqué comme suspect ou bloqué.
L’e-mail n’est délivré dans la boîte de réception du destinataire que s’il provient d’une adresse IP autorisée et s’il réussit la validation SPF. En configurant correctement les enregistrements SPF, vous pouvez améliorer la délivrabilité de vos messages, réduire les risques de spam et prévenir l’usurpation d’adresse e-mail.
DomainKeys Identified Mail (DKIM)
DKIM est une signature numérique ajoutée à chaque e-mail que vous envoyez. Elle fonctionne en complément des enregistrements SPF.
En plus de vérifier l’authenticité de l’expéditeur, DKIM permet de s’assurer que le contenu du message n’a pas été altéré ou modifié pendant son acheminement. C’est un moyen efficace de garantir l’intégrité des e-mails et de renforcer la confiance des destinataires.
Pour configurer DKIM, il faut publier une clé publique dans les enregistrements DNS de votre domaine. Lorsqu’un e-mail est envoyé, votre serveur génère une empreinte numérique du message (incluant le contenu et les titres) et la signe à l’aide d’une clé privée, qui reste confidentielle.
Lors de la réception, le serveur du destinataire utilise la clé publique pour vérifier si cette signature est bien authentique. Si l’empreinte correspond, cela signifie que le message n’a pas été altéré pendant son envoi.
Cette méthode garantit l’intégrité de vos e-mails et empêche les attaquants de se faire passer pour vous, puisqu’ils ne possèdent pas la clé privée nécessaire pour signer les messages.
DMARC (Domain-based Message Authentication, Reporting and Conformance)
DMARC est une méthode d’authentification avancée conçue pour prévenir le spoofing e-mail. Elle repose sur les protocoles SPF et DKIM, et permet de définir une politique claire à appliquer lorsqu’un message échoue à ces vérifications.
Concrètement, DMARC vous permet de publier une politique dans votre DNS indiquant aux serveurs de messagerie des destinataires quoi faire lorsqu’un e-mail ne passe pas les contrôles SPF ou DKIM. Trois actions sont possibles :
Action 1 : Aucune action
Aucune mesure n’est prise, même si le message échoue aux vérifications SPF ou DKIM.
L’e-mail est quand même transmis dans la boîte de réception du destinataire.
Action 2 : Quarantine
L’e-mail est livré, mais redirigé vers le dossier des spams ou courrier indésirable, car il n’a pas passé les contrôles SPF/DKIM.
Action 3 : Rejeter
Si cette politique est choisie, tout e-mail qui échoue aux vérifications SPF ou DKIM est simplement rejeté. Il ne sera jamais livré au destinataire.
Comment Zoho Campaigns vous aide à prévenir le spoofing d’identité par email et à protéger votre domaine
Zoho Campagins permet à chaque utilisateur de configurer facilement les enregistrements SPF et DKIM afin d’authentifier son domaine.
Si un email réussit les vérifications SPF et DKIM, la politique DMARC ne s’applique pas. En revanche, si l’une de ces vérifications échoue, le serveur de réception consulte alors la politique DMARC du domaine pour déterminer comment traiter le message. Il est important de noter qu’une politique DMARC ne peut être activée qu’après la mise en place des enregistrements SPF et DKIM, sans quoi la validation DMARC échouera.
Une fois l’authentification SPF et DKIM configurée pour votre domaine, vous pouvez définir la politique DMARC dans les enregistrements DNS de votre domaine. Vous pouvez en apprendre davantage sur la configuration des enregistrements DMARC ici.
Configurer SPF et DKIM permet non seulement de lutter contre spoofing e-mail, mais aussi d’améliorer la délivrabilité de vos messages. En plus de SPF et DKIM, Zoho Campaigns propose également plusieurs fonctionnalités axées sur la délivrabilité, afin d'assurer que vos emails atteignent toujours la boîte de réception.
E-mail spoofing évolue constamment, et rester passif face à cette menace peut entraîner des pertes financières ou nuire à la réputation de votre entreprise.
En mettant en place de manière proactive des protocoles d’authentification email tels que SPF, DKIM et DMARC, les entreprises peuvent réduire considérablement les risques liés à l’usurpation d’identité par email.
L'équipe Zoho France
Access your files securely from anywhere
New to Zoho Recruit?
Zoho Developer Community
New to Zoho LandingPage?
Zoho LandingPage Resources
New to Zoho Survey?
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Bigin?
Topic Participants
Kinjal Lodaya
Sticky Posts
Collaboration sans faille avec Zoho One
Bonjour à tous, Dans cet article nous allons voir comment Zoho One permet une collaboration à différents niveaux . La façon dont nous travaillons évolue. À mesure que les entreprises se mondialisent, la plupart des activités sont menées en équipe.
New to Zoho TeamInbox?
Zoho TeamInbox Resources
Zoho CRM Plus Resources
Zoho Books Resources
Zoho Subscriptions Resources
Zoho Projects Resources
Zoho Sprints Resources
Qntrl Resources
Zoho Creator Resources
Zoho CRM Resources
Design. Discuss. Deliver.
Zoho Show Resources
Get Started. Write Away!
Writer is a powerful online word processor, designed for collaborative work.
Zoho CRM コンテンツ
-
オンラインヘルプ
-
Webセミナー
-
機能活用動画
-
よくある質問
-
Ebook
-
-
Zoho Campaigns
- Zoho サービスのWebセミナー
その他のサービス コンテンツ
Nederlandse Hulpbronnen
ご検討中の方
Recent Topics
Notes badge as a quick action in the list view
Hello all, We are introducing the Notes badge in the list view of all modules as a quick action you can perform for each record, in addition to the existing Activity badge. With this enhancement, users will have quick visibility into the notes associatedBlueprint transitions on locked records
We use the ability to automatically lock records (quotes, sales orders, etc.) based on criteria, such as stage. For instance, if a quote has been sent to a client, the quote is then locked for further edits. Our ideal quote stage process is: Draft>Sent>Won.Limit maximum entries for subform - depending on fields entry
Hi Zoho! I have a form with a subform in it. I'd like to have limitation for the row number depending on an entry in a drop-down field in the main form (If the field in the main form is marked "Answer1" - Limit the entries to 1 row, if the field is "Answer2" to have 2 rows limitation, "Answer3" = no limitation at all) Can this be done? Thanks RavidSave HTML Snippet Page as PDF with Dynamic Data in Zoho Creator (Working Solution)
Hi Zoho Creator Community 👋, I faced a common challenge while working with HTML Snippet Pages — I needed to generate a PDF with dynamic data and save it back into the record automatically. Here’s the working solution that might help others. Use CaseHow to loop through Multiple Upload and Display Actual File Name
I have been reading the help on the File Upload Control and reviewed the Deluge help on files and I can not figure out how to loop through the uploaded files and do anything but get the automatically created file names. The code below will run but eachCliq Networks users can see all other network users contact information
Is there a way to hide user contact information from each user in networks? I would only like the users to see the admin's contact information, not other users. Network users information shared by defaultMake Camera Overlay & Recording Controls Visible in All Screen-Sharing Options
Hi Zoho WorkDrive Team, Hope you are doing well. We would like to request an improvement to the screen-recording experience in Zoho WorkDrive. Current Limitation: At the moment the recording controls are visible only inside the Zoho WorkDrive tab. WhenCannot connect to imap.zoho.eu on iOS26
Hey, I recently migrated to another iPhone and since then use iOS26. Every since then, I was not able to connect to "imap.zoho.eu" from Apple Mail. I tried deleting the account and adding it again, did not work. I tried creating an app password, didn'tPieds de page personnalisé - Document Zoho Writer
Bonjour à tous, Je rencontre un souci avec l’ajout d’un pied de page personnalisé dans un document Zoho Writer. Je souhaite insérer les informations de mon entreprise (notamment un logo + adresse) dans le pied de page. Le problème, c’est que lorsque j’ajouteRebranding Options for Zoho One
We need the addition of rebranding and white-labeling settings directly within the Zoho One Admin Panel. This feature should allow organizations to customize the unified portal with their own logo, brand colors, and custom domain mapping (e.g., portal.company.com).Tip #57- Accessibility Controls in Zoho Assist: Mobility- 'Insider Insights'
Remote support should be easy to navigate for everyone. For users with mobility-related accessibility needs, long sessions and complex navigation can be challenging. Zoho Assist’s Mobility Accessibility Controls simplify interaction through keyboard-basedTo print Multiple delivery notes in batches
In Zoho Books, we can print a Delivery Note from an Invoice using the Print Delivery Note option, but it is non-editable and always prints all line items from the invoice. Our requirement is to deliver invoiced items in batches and print delivery notesOpen sub form from a button as a popup form
Is there a way within a form to use similar code as below to show a button in the form when clicked opens the subform for data to be added to the record being viewed in the form OpenUrl("#Form:<Customer_Delivery_Address>?<Delivery_Address>=" + input.ID,"popupUPLOAD A CREATED PDF AUTOMATICALLY
Using the html header pdf+print button, I have managed to find a way to have a user create a pdf using entered form data. Using the schedule button, I can have a "file uploaded" pdf mailed to someone as an attachment. The missing piece is to be able to add the pdf, created in that html page to a file upload field automatically? Right now one has to save it to computer and then upload it in a FILE UPLOAD FIELD. Any help would appreciated !Fix the speed
It takes ages to load on every step even though my dataset is quite small.Consolidated Department-wise Payroll Cost Summary Report
Hello Zoho Payroll Team and Community, I am writing to discuss a reporting requirement regarding department-level expense tracking within Zoho Payroll. As we scale and manage salary distribution for employees across multiple departments, such as Accounts,Write-Off multiple invoices and tax calculation
Good evening, I have many invoices which are long overdue and I do not expect them to be paid. I believe I should write them off. I did some tests and I have some questions: - I cannot find a way to write off several invoices together. How can I do that,What's new in Zoho Sheet: Simplify data entry and collaboration
Hello, Zoho Sheet community! Last year, our team was focused on research and development so we could deliver updates that enhance your spreadsheet experience. This year, we’re excited to deliver those enhancements—but we'll be rolling them out incrementallyCRM gets location smart with the all new Map View: visualize records, locate records within any radius, and more
Hello all, We've introduced a new way to work with location data in Zoho CRM: the Map View. Instead of scrolling through endless lists, your records now appear as pins on a map. Built on top of the all-new address field and powered by Mappls (MapMyIndia),Easier onboarding for new users with stage descriptions
Greetings, I hope all of you are doing well. We're happy to announce a recent enhancement we've made to Bigin. You can now add descriptions to the stages in your pipeline. Previously, when creating a pipeline, you could only add stages. With this update,Ability to Edit Ticket Subject when Splitting a Ticket
Often someone will make an additional or new request within an existing ticket that requires we split the ticket. The annoying part is that the new ticket maintains the subject of the original ticket after the split so when the new ticket email notificationHow to remove chat icon from knowledge base?
I have set up a knowledge base to hold FAQs and documentation. It is currently standalone, and not integrated into our website. On every page there is a chat button in the bottom left corner that says "We're offline, please leave a message." How can I[ZohoDesk] Improve Status View with a new editeble kanban view
A kanban view with more information about the ticket and the contact who created the ticket would be valueble. I would like to edit the fields with the ones i like to see at one glance. Like in CRM where you can edit the canvas view, i would like to editAutomated Dismissal of Specific Notifications and Centralized Control of Toast Notification Settings
Dear Zoho Team, I hope this message finds you well. We would like to request two enhancements related to notification handling within Zoho Desk: Automatic Dismissal of Specific Notifications: Currently, when certain actions are taken in the ticket listKnowledgebase SEO
We have a custom-domain mapped help center that is not restricted via login. I have some questions: a) will a robots.txt file still allow us to control indexing? b) do we have the ability to edit the sitemap? c) do category URLs get indexed by searchCreate case via email
Good Afternoon, I have just registered and am taking a look around the system. Is it possible to create a case via email. I.e. an employee/client/supplier emails a certain address and that auto generates the case which then prompts a member of staffShow field in spreadsheet view depending on other field value
Hello. Not sure if this is possible but let's say i have spreadsheet view in Creator with four different fields Field A, B, C and D Then i have a field named Response which for one record could contain only one of the pre-definde choices below A, B, CImproved Contact Sync flow in Google Integration with Zoho CRM
Hello Everyone, Your contact sync in Google integration just got revamped! We have redesigned the sync process to give users more control over what data flows into Google and ensure that this data flows effortlessly between Zoho CRM and Google. With thisIntroducing Assemblies and Kits in Zoho Inventory
Hello customers, We’re excited to share a major revamp to Zoho Inventory that brings both clarity and flexibility to your inventory management experience! Presenting Assemblies and Kits We’re thrilled to introduce Assemblies and Kits, which replaces theGood news! Calendar in Zoho CRM gets a face lift
Dear Customers, We are delighted to unveil the revamped calendar UI in Zoho CRM. With a complete visual overhaul aligned with CRM for Everyone, the calendar now offers a more intuitive and flexible scheduling experience. What’s new? Distinguish activitiesIntergrating multi location Square account with Zoho Books
Hi, I have one Square account but has multiple locations. I would like to integrate that account and show aggregated sales in zoho books. How can I do that? thanks.Zoho Learn Zapier Integration
Hello all, Is there any plan to integrate Zoho Learn with Zapier? It seems almost all Zoho products are in Zapier, with the exception of Learn and Marketing Automation.Notice: SalesIQ integration paused on Zoho Sites
I have this notice on my Zoho Sites in the SalesIQ integration setup. Can someone assist? "This integration has been temporarily paused for users. Reconnecting SalesIQ after disconnection will not be possible until we provide further updates." thankDifferences between Zoho Books and Zoho Billing
Without a long drawn out process to compare these. If you were looking at these Books and Billing, what made you opt for one and not the other. ThanksNew Feature : Copying tickets with all the contents such as conversations/history/attachments etc
Sometimes our customers and distributors do create tickets (or send emails) which contain more than one incident in them and then also some of the further conversations which are either created by incorrect new tickets or replies to old tickets are being created as combined tickets. In such cases we require to "COPY" the contents of the tickets into separate tickets and merge them into their corresponding original tickets. The "CLONE" feature doesn't copy the contents (especially the conversationsComo se agregan los empleados
Necesito saber si para agregar empleados los mismos necesitan tener licenciasDeluge Error Code 1002 - "Resource does not exist."
I am using the following script in a Custom Button on a Sales Return. Basically, the function takes the information in the sales return (plus the arguments that are entered by the user when the button is pushed) and creates a return shipping label viaAdding multiple Attendee email addresses when adding a Zoho Calendar event in Zoho Flow
I am trying to integrate Notion and Zoho Calendar via Zoho Flow. However, the Attendee email address supported by Zoho Calendar - Create event only supports one email address, so I am having difficulty implementing automation to automatically registerDeprecation of SMS-based multi-factor authentication (MFA) mode
Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offerBooks & Desk. Client mapping
Hi, I’ve been using Zoho Books for several years and am now looking to improve my customer service. I'm experimenting with Zoho Desk and want to sync and map my client data from Zoho Books. However, it seems that mapping requires both contacts to haveNext Page