E-mail Spoofing : Comment l’éviter et protéger votre entreprise
Vous est-il déjà arrivé de recevoir un e-mail qui semblait légitime — avec le bon logo, un ton familier — mais qui vous a tout de même paru suspect ? Pire encore, un de vos clients vous a-t-il déjà contacté après avoir reçu un e-mail douteux qui semblait provenir de votre entreprise ?
C’est ça, le spoofing d’e-mail.
Le spoofing d’e-mail est une technique utilisée par des cybercriminels pour falsifier l’adresse de l’expéditeur afin de faire croire que le message provient d’une source fiable — souvent une entreprise connue. Leur objectif ? Tromper le destinataire pour l’amener à cliquer sur un lien malveillant ou à divulguer des informations sensibles.
Dans cet article, nous allons vous expliquer comment fonctionne le spoofing d’e-mail, les risques qu’il représente et, surtout, les actions que vous pouvez mettre en place pour protéger votre entreprise et vos clients.
À quoi ressemble un e-mail spoof ?
Voici les éléments clés à surveiller pour identifier un e-mail spoofé :
- Spoofing du nom d’affichage : un e-mail où le nom d’affichage est identique ou très proche de celui d’un employé réel de l’entreprise. Cela crée un faux sentiment de légitimité.
- Spoofing du domaine : l’expéditeur falsifie non seulement le nom d’affichage, mais aussi le nom de domaine de l’entreprise. L’adresse e-mail semble alors provenir du domaine officiel, rendant la fraude plus difficile à détecter.
- Adresse de l’expéditeur suspecte : c’est souvent un indice révélateur. Même si le nom d’affichage peut sembler familier, le domaine qui suit le symbole “@” est souvent différent ou étrange. Cela trahit généralement une tentative de spoofing.
- Un ton pressant ou menaçant : les cybercriminels utilisent souvent un langage alarmant pour pousser le destinataire à agir rapidement, sans prendre le temps de réfléchir. Cela peut inclure des menaces ou une fausse urgence.
- Promesses de gains ou de cadeaux : ces e-mails prétendent souvent que vous avez gagné un prix ou une récompense. Cela pousse les victimes à fournir des informations personnelles ou à cliquer sur des liens ou pièces jointes malveillants pouvant infecter leurs appareils.
- Incohérences visuelles : certains e-mails spoofés présentent des logos obsolètes, des fautes de mise en page ou un format différent des communications habituelles de l’entreprise. Bien que les fraudeurs deviennent de plus en plus habiles à imiter le style visuel, certaines tentatives restent faciles à repérer.
Stopper le spoofing d’e-mail : les bonnes pratiques à connaître
Le spoofing d’e-mail peut être limité, voire empêché, en configurant plusieurs mécanismes d’authentification comme SPF, DKIM et DMARC. Chacun joue un rôle distinct dans la vérification des messages, mais c’est leur mise en œuvre conjointe qui permet de protéger efficacement votre domaine contre les tentatives de spoofing.
Sender Policy Framework (SPF)
SPF est un protocole d’authentification des e-mails conçu pour vérifier l’identité de l’expéditeur.
Pour mettre en place SPF, vous devez déclarer les adresses IP ou serveurs de messagerie autorisés à envoyer des e-mails en votre nom. Lorsqu’un e-mail est reçu, le serveur de réception interroge le serveur DNS du domaine pour vérifier si l’adresse IP de l’expéditeur figure bien parmi celles autorisées. Si ce n’est pas le cas, le message peut être marqué comme suspect ou bloqué.
L’e-mail n’est délivré dans la boîte de réception du destinataire que s’il provient d’une adresse IP autorisée et s’il réussit la validation SPF. En configurant correctement les enregistrements SPF, vous pouvez améliorer la délivrabilité de vos messages, réduire les risques de spam et prévenir l’usurpation d’adresse e-mail.
DomainKeys Identified Mail (DKIM)
DKIM est une signature numérique ajoutée à chaque e-mail que vous envoyez. Elle fonctionne en complément des enregistrements SPF.
En plus de vérifier l’authenticité de l’expéditeur, DKIM permet de s’assurer que le contenu du message n’a pas été altéré ou modifié pendant son acheminement. C’est un moyen efficace de garantir l’intégrité des e-mails et de renforcer la confiance des destinataires.
Pour configurer DKIM, il faut publier une clé publique dans les enregistrements DNS de votre domaine. Lorsqu’un e-mail est envoyé, votre serveur génère une empreinte numérique du message (incluant le contenu et les titres) et la signe à l’aide d’une clé privée, qui reste confidentielle.
Lors de la réception, le serveur du destinataire utilise la clé publique pour vérifier si cette signature est bien authentique. Si l’empreinte correspond, cela signifie que le message n’a pas été altéré pendant son envoi.
Cette méthode garantit l’intégrité de vos e-mails et empêche les attaquants de se faire passer pour vous, puisqu’ils ne possèdent pas la clé privée nécessaire pour signer les messages.
DMARC (Domain-based Message Authentication, Reporting and Conformance)
DMARC est une méthode d’authentification avancée conçue pour prévenir le spoofing e-mail. Elle repose sur les protocoles SPF et DKIM, et permet de définir une politique claire à appliquer lorsqu’un message échoue à ces vérifications.
Concrètement, DMARC vous permet de publier une politique dans votre DNS indiquant aux serveurs de messagerie des destinataires quoi faire lorsqu’un e-mail ne passe pas les contrôles SPF ou DKIM. Trois actions sont possibles :
Action 1 : Aucune action
Aucune mesure n’est prise, même si le message échoue aux vérifications SPF ou DKIM.
L’e-mail est quand même transmis dans la boîte de réception du destinataire.
Action 2 : Quarantine
L’e-mail est livré, mais redirigé vers le dossier des spams ou courrier indésirable, car il n’a pas passé les contrôles SPF/DKIM.
Action 3 : Rejeter
Si cette politique est choisie, tout e-mail qui échoue aux vérifications SPF ou DKIM est simplement rejeté. Il ne sera jamais livré au destinataire.
Comment Zoho Campaigns vous aide à prévenir le spoofing d’identité par email et à protéger votre domaine
Zoho Campagins permet à chaque utilisateur de configurer facilement les enregistrements SPF et DKIM afin d’authentifier son domaine.
Si un email réussit les vérifications SPF et DKIM, la politique DMARC ne s’applique pas. En revanche, si l’une de ces vérifications échoue, le serveur de réception consulte alors la politique DMARC du domaine pour déterminer comment traiter le message. Il est important de noter qu’une politique DMARC ne peut être activée qu’après la mise en place des enregistrements SPF et DKIM, sans quoi la validation DMARC échouera.
Une fois l’authentification SPF et DKIM configurée pour votre domaine, vous pouvez définir la politique DMARC dans les enregistrements DNS de votre domaine. Vous pouvez en apprendre davantage sur la configuration des enregistrements DMARC ici.
Configurer SPF et DKIM permet non seulement de lutter contre spoofing e-mail, mais aussi d’améliorer la délivrabilité de vos messages. En plus de SPF et DKIM, Zoho Campaigns propose également plusieurs fonctionnalités axées sur la délivrabilité, afin d'assurer que vos emails atteignent toujours la boîte de réception.
E-mail spoofing évolue constamment, et rester passif face à cette menace peut entraîner des pertes financières ou nuire à la réputation de votre entreprise.
En mettant en place de manière proactive des protocoles d’authentification email tels que SPF, DKIM et DMARC, les entreprises peuvent réduire considérablement les risques liés à l’usurpation d’identité par email.
L'équipe Zoho France
Access your files securely from anywhere
New to Zoho Recruit?
Zoho Developer Community
New to Zoho LandingPage?
Zoho LandingPage Resources
New to Zoho Survey?
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Bigin?
Topic Participants
Kinjal Lodaya
Sticky Posts
Collaboration sans faille avec Zoho One
Bonjour à tous, Dans cet article nous allons voir comment Zoho One permet une collaboration à différents niveaux . La façon dont nous travaillons évolue. À mesure que les entreprises se mondialisent, la plupart des activités sont menées en équipe.
New to Zoho TeamInbox?
Zoho TeamInbox Resources
Zoho CRM Plus Resources
Zoho Books Resources
Zoho Subscriptions Resources
Zoho Projects Resources
Zoho Sprints Resources
Qntrl Resources
Zoho Creator Resources
Zoho CRM Resources
Design. Discuss. Deliver.
Zoho Show Resources
Get Started. Write Away!
Writer is a powerful online word processor, designed for collaborative work.
Zoho CRM コンテンツ
-
オンラインヘルプ
-
Webセミナー
-
機能活用動画
-
よくある質問
-
Ebook
-
-
Zoho Campaigns
- Zoho サービスのWebセミナー
その他のサービス コンテンツ
Nederlandse Hulpbronnen
ご検討中の方
Recent Topics
Kaizen #197: Frequently Asked Questions on GraphQL APIs
🎊 Nearing 200th Kaizen Post – We want to hear from you! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.Multiple Languages for Product Names
Hi, I use 2 languages: spanish and english. I want to have for every product a name in spanish and a name on english. I want to have to possibility of choosing one of these languages when making an invoice or a purchase order. Is there any way to doItem with name in different languate
Hello, is there a way to have an item with its name in different languages? For example: I sell an item in different markets and I'd like to have a Proposal and the Invoice with the Item Name in a specific language. Rino Bertolotto Zoho Specialist, STESA srlContacts with most tickets? Alarm for multiple tickets?
Is it possible to see through the analytics/reports which contacts are creating the most tickets (not the most discussed ones)? Also, is there a way to set up a notification if a contact creates multiple tickets within a certain time frame?Issue with Template Subject Line Format in Zoho CRM
Hi Team, I’ve noticed that when I update the subject line of an email template in Zoho CRM, it sometimes appears in an incorrect format when used. Please see the attached screenshot for reference. Kindly look into this issue and fix this issue from backendTwo Data Labels in Bar Chart
I need to create a bar chart that has both the SUM and COUNT. I've concatenated them into a formula but it converts it into a stacked bar / scattered chart. The bar chart is no longer accessible. Since i'm comparing YOY, it would be best to have it inDisable field on subform row
Hi, Is it currently possible to disable a row item on a subform? I was just trying to do something whereby until another value is entered the field is disable but for the deluge scripting interface threw up an error saying such a function is not supported on a subform. Thanks in advance for your help. ShaheedLeads - Kanban view fit to screen
Hey guys, I created a custom layout for my leads, staged by lead status. I have 10 types of status. In Kanban view I see only 4 columns/stages and need to scroll to the right to see the rest. Is there a way to make columns/stages be displayed all together?Request to Differentiate Auto-Closed WhatsApp Conversations in SalesIQ
Hi Zoho Support, I’d like to raise a request related to the way WhatsApp conversations are auto-closed in SalesIQ. Every Monday, our Sales team has to manually review each closed WhatsApp conversation from the weekend to identify which ones were automaticallyKanban View UI gets a revamp
Hello everyone, In the coming week you will notice design related enhancements in Kanban View. The UI has been changed and a new option is introduced under Kanban View Settings that allows to change the color of the category headers. Please, note that the functionality is not changed. These changes will not apply to the Activities and Visits modules. Here are the details of the changes: 1. The column widths have been fixed to 300 px. The records will have a box around them for clear distinction.Issue with Anchor Link on Zoho Landing Page (Mobile/Tablet View)
Hi Team, I have created a landing page using Zoho Landing Page and added an anchor link to it. The anchor link is working fine on desktop view; however, it does not work properly on mobile or tablet view. I’ve tried debugging this issue in multiple ways,Simplest way to convert XML to a map?
I've reviewed the help info and some great posts on the forum here by Stephen Rhyne (srhyne). At the moment I'm using XPath to generate a list of xml nodes, iterating through that to fetch the field name/value pairs and adding them to a map (one map for each record in the data). I then convert the row map to a string and add it to a list. Here's the function: list xml.getRecordListFromXML(string xml_data, string ele_name) { result = List(); // get list of record nodes rec_list = input.xml_data.toXML().executeXPath("//"Introducing Creator Simplified: An exclusive learning series to enhance your app development skills
Hey Creators! Welcome to Zoho Creator's new learning series, Creator Simplified. In this series, we'll dive into real-world business use cases and explore how to translate your requirements into solutions in your Creator application. You can also expect[Product update] Updated Data Synchronization Process for QuickBooks - Zoho Analytics Integration.
Dear QuickBooks integration users, We’re making an important update in the way data is currently synced in your QuickBooks integration within Analytics workspace. What’s changing: Previously, with every data synchronization, Zoho Analytics used to fetchZoho CRM new calander format cannot strikethrough completed task
Hi, Recently there is a new format for calendar within Zoho CRM However, found out that a completed task will not cross out or strikethrough like previous format. Without strikethrough, it will be difficult to identify which task is still in Open status.How to edit form layout for extension
I am working on extension development. I have created all the fields. I want to rearrange the layout in Sigma platform. But there is no layout module in Sigma. How can I achieve this for extensions other than Zet CLI and putting the fields into widgetEmployees not Users
Hello, We are a construction company that has +180 employees and most of them are in remote location working onsite with no access to internet. Is it possible that we have data stored for all employees but have only 5-10 users who will be in charge of entering employees data? or do we have to pay for all +180 employees? even though they won't be using the system?Zoho people generatimg pdf
Hello , now i want to make a customm button in zoho people that is inside a deduction module , that fetches all the records and generate a pdf with a template that i have done in the mail merges template , i was told that i have to upload template onAbility to Filter Alias Mailboxes in Zoho Recruit
Dear Zoho Recruit Team, I hope you are doing well. We would like to request a feature enhancement regarding the handling of alias mailboxes in Zoho Recruit. Currently, when we connect an alias mailbox (e.g., jobs@domain.com) from our Zoho One accountzohorecruit.com career form postcode bug
Dear, When I select a postcode from the drop down on a zohorecruit.com career form, the street text field is automatically filled with the name of the city, which should not happen. Any idea how I can fix this? Thanks, BartOffice-365-agenda and Microsoft Teams Integration
Dear, I have a trial version of Zoho Recruit and trying to evaluate the Microsoft Teams Integration in Zoho Recruit. After registering with my Office 365 account and checking the result of the registration/sign-in at https://mysignins.microsoft.com/ (whichDelegate Access - Mobile iOS/iPad
We’re over the moon that delegate access is now available in Zoho Mail as we were nearly ready to switch platforms because of it! Is there a timeline on when delegate mailboxes will be accessible from the iOS and iPad OS applications? Thanks, JakeHow to add Connector in developer platform zoho?
Hi, I am working on creating an Extension, and part of the development is to retrieve Email templates. In my CRM instance I can invokeURL by creating Zoho OAuth connection and get the template. But developer platform does not provide Zoho OAuth or anyHow to archive Lost/Junk Leads so sales reps don’t see them, but keep them for reporting?
Hi everyone, In our Zoho CRM we have two Lead Status values: Lost Lead and Junk Lead. What I want to achieve is: When a lead is marked as Lost or Junk, it should disappear from my sales reps’ Lead views (so they only see active leads). At the same time,Zoho CRM Canvas Copy Original Layout
Hello all, I want to use Canvas to make small changes to certain views, not to make huge changes. Is it possible to copy the original Zoho layout and set-up and start from there? I checked and all I can find are some templates which are far from the originalRevenue Management: #5 Revenue Recognition in SaaS
If you're building or running a SaaS business, you've probably encountered this. You get paid upfront for a subscription and a one-time onboarding fee, but you end up with confusion about when to consider it revenue. Can I book all of it now? Should IMS Teams for daily call operations
Hello all, Our most anticipated and crucial update is finally here! Organizations using Microsoft Teams phone system can now integrate it effectively with Zoho CRM for tasks like dialling numbers and logging calls. We are enhancing our MS Teams functionalityZoho Learn Course Access Issue
One of the learners in a specific course can't see any lessons. They are registered as both a user and learner for this course in Zoo Learn. What could be the reason?ZOHOLICS Japan 2025 開催のお知らせ(再投稿)
【コミュニティユーザーの皆さまへお知らせ】 Zoho 最大のユーザーイベント「ZOHOLICS Japan 2025」を9月19日(金)に開催します。 AI活用に関する特別講演、ユーザー事例、Zoho 製品の活用例のご紹介など、Zoholicsならではのセッションをご用意しています。 Zoho コミュニティ開催のMeetupとはまた違った雰囲気のイベントです。 ご都合のつく方はお気軽にご参加ください✨ 詳細はこちら https://events.zoho.jp/zoholics2025#/?affl=forumpost2Phone Number format for Bulk Upload via csv for Zoho Sign
What is the phone number format that we need to use for a bulk recipient upload via csv in zoho sign, should the country code be included for ex if its US should it be +18889007865 ior 18889007865 or without country code 8889007865? the sample csv providedFilter Page Elements By Selectable Date Range
I have created a basic Page that will serve as a client dashboard with elements that will provide simple counts & sums of data in reports. There are no reports or forms added to the page, just elements. It currently functions as needed, but shows theCan’t Enter my Notebook is Locked
I’ve been using Notebook for taking notes at my college for a month and I never signed in and I never established a password. Today I tried to enter the app after the update and it asked me for a password. I need to access to my notes urgently and I can’tSend Email Directly to Channel
Hi, We are coming from Slack. In Slack each channel has a unique Email address that you can send emails too. I currently forward a specific type of email from my Gmail InBox directly do this channel for Verification Codes so my team doesn't have to askSecure your external sharing process with OTP Authentication
For any business, it's crucial to share files externally in a way that is both secure and controlled. Let's say you want to share confidential data with your partners and vendors. You must ensure that only your intended recipients can access the sharedItems attribute questions
Many of my items have attributes, such as size and color. How can I add new fields to the "New Items" screen to capture that in my Purchase Orders, Items, and Sales Order pages? I only see these attribute fields when adding an Item Group. Also, on theIs there a way to search mail for items you haven't yet responded to?
I'm trying to create a search to show emails that haven't been responded to and that have also been assigned a tag or label. Is there a way to search for the inverse of replied?Subtotals per Header
Hey, we would like to display subtotals per header in our invoices:upgrade storage
how to upgrade my storageLinking items from books and subscription
Linking books and subscription It is a pity that it is not possible to associate with a product an article present in ZohoBooks This would make it possible to manage products composed of a nomenclature of articles of booksAdd the ability to view number of hours planned for a workorder while in the Dispatch Console
Hi Zoho, When dispatching a work order through the Dispatch Console, there's currently no way to view the number of planned hours for the service tasks associated with that specific work order. Having to click into the details each time to check plannedNext Page