E-mail Spoofing : Comment l’éviter et protéger votre entreprise
Vous est-il déjà arrivé de recevoir un e-mail qui semblait légitime — avec le bon logo, un ton familier — mais qui vous a tout de même paru suspect ? Pire encore, un de vos clients vous a-t-il déjà contacté après avoir reçu un e-mail douteux qui semblait provenir de votre entreprise ?
C’est ça, le spoofing d’e-mail.
Le spoofing d’e-mail est une technique utilisée par des cybercriminels pour falsifier l’adresse de l’expéditeur afin de faire croire que le message provient d’une source fiable — souvent une entreprise connue. Leur objectif ? Tromper le destinataire pour l’amener à cliquer sur un lien malveillant ou à divulguer des informations sensibles.
Dans cet article, nous allons vous expliquer comment fonctionne le spoofing d’e-mail, les risques qu’il représente et, surtout, les actions que vous pouvez mettre en place pour protéger votre entreprise et vos clients.
À quoi ressemble un e-mail spoof ?
Voici les éléments clés à surveiller pour identifier un e-mail spoofé :
- Spoofing du nom d’affichage : un e-mail où le nom d’affichage est identique ou très proche de celui d’un employé réel de l’entreprise. Cela crée un faux sentiment de légitimité.
- Spoofing du domaine : l’expéditeur falsifie non seulement le nom d’affichage, mais aussi le nom de domaine de l’entreprise. L’adresse e-mail semble alors provenir du domaine officiel, rendant la fraude plus difficile à détecter.
- Adresse de l’expéditeur suspecte : c’est souvent un indice révélateur. Même si le nom d’affichage peut sembler familier, le domaine qui suit le symbole “@” est souvent différent ou étrange. Cela trahit généralement une tentative de spoofing.
- Un ton pressant ou menaçant : les cybercriminels utilisent souvent un langage alarmant pour pousser le destinataire à agir rapidement, sans prendre le temps de réfléchir. Cela peut inclure des menaces ou une fausse urgence.
- Promesses de gains ou de cadeaux : ces e-mails prétendent souvent que vous avez gagné un prix ou une récompense. Cela pousse les victimes à fournir des informations personnelles ou à cliquer sur des liens ou pièces jointes malveillants pouvant infecter leurs appareils.
- Incohérences visuelles : certains e-mails spoofés présentent des logos obsolètes, des fautes de mise en page ou un format différent des communications habituelles de l’entreprise. Bien que les fraudeurs deviennent de plus en plus habiles à imiter le style visuel, certaines tentatives restent faciles à repérer.
Stopper le spoofing d’e-mail : les bonnes pratiques à connaître
Le spoofing d’e-mail peut être limité, voire empêché, en configurant plusieurs mécanismes d’authentification comme SPF, DKIM et DMARC. Chacun joue un rôle distinct dans la vérification des messages, mais c’est leur mise en œuvre conjointe qui permet de protéger efficacement votre domaine contre les tentatives de spoofing.
Sender Policy Framework (SPF)
SPF est un protocole d’authentification des e-mails conçu pour vérifier l’identité de l’expéditeur.
Pour mettre en place SPF, vous devez déclarer les adresses IP ou serveurs de messagerie autorisés à envoyer des e-mails en votre nom. Lorsqu’un e-mail est reçu, le serveur de réception interroge le serveur DNS du domaine pour vérifier si l’adresse IP de l’expéditeur figure bien parmi celles autorisées. Si ce n’est pas le cas, le message peut être marqué comme suspect ou bloqué.
L’e-mail n’est délivré dans la boîte de réception du destinataire que s’il provient d’une adresse IP autorisée et s’il réussit la validation SPF. En configurant correctement les enregistrements SPF, vous pouvez améliorer la délivrabilité de vos messages, réduire les risques de spam et prévenir l’usurpation d’adresse e-mail.
DomainKeys Identified Mail (DKIM)
DKIM est une signature numérique ajoutée à chaque e-mail que vous envoyez. Elle fonctionne en complément des enregistrements SPF.
En plus de vérifier l’authenticité de l’expéditeur, DKIM permet de s’assurer que le contenu du message n’a pas été altéré ou modifié pendant son acheminement. C’est un moyen efficace de garantir l’intégrité des e-mails et de renforcer la confiance des destinataires.
Pour configurer DKIM, il faut publier une clé publique dans les enregistrements DNS de votre domaine. Lorsqu’un e-mail est envoyé, votre serveur génère une empreinte numérique du message (incluant le contenu et les titres) et la signe à l’aide d’une clé privée, qui reste confidentielle.
Lors de la réception, le serveur du destinataire utilise la clé publique pour vérifier si cette signature est bien authentique. Si l’empreinte correspond, cela signifie que le message n’a pas été altéré pendant son envoi.
Cette méthode garantit l’intégrité de vos e-mails et empêche les attaquants de se faire passer pour vous, puisqu’ils ne possèdent pas la clé privée nécessaire pour signer les messages.
DMARC (Domain-based Message Authentication, Reporting and Conformance)
DMARC est une méthode d’authentification avancée conçue pour prévenir le spoofing e-mail. Elle repose sur les protocoles SPF et DKIM, et permet de définir une politique claire à appliquer lorsqu’un message échoue à ces vérifications.
Concrètement, DMARC vous permet de publier une politique dans votre DNS indiquant aux serveurs de messagerie des destinataires quoi faire lorsqu’un e-mail ne passe pas les contrôles SPF ou DKIM. Trois actions sont possibles :
Action 1 : Aucune action
Aucune mesure n’est prise, même si le message échoue aux vérifications SPF ou DKIM.
L’e-mail est quand même transmis dans la boîte de réception du destinataire.
Action 2 : Quarantine
L’e-mail est livré, mais redirigé vers le dossier des spams ou courrier indésirable, car il n’a pas passé les contrôles SPF/DKIM.
Action 3 : Rejeter
Si cette politique est choisie, tout e-mail qui échoue aux vérifications SPF ou DKIM est simplement rejeté. Il ne sera jamais livré au destinataire.
Comment Zoho Campaigns vous aide à prévenir le spoofing d’identité par email et à protéger votre domaine
Zoho Campagins permet à chaque utilisateur de configurer facilement les enregistrements SPF et DKIM afin d’authentifier son domaine.
Si un email réussit les vérifications SPF et DKIM, la politique DMARC ne s’applique pas. En revanche, si l’une de ces vérifications échoue, le serveur de réception consulte alors la politique DMARC du domaine pour déterminer comment traiter le message. Il est important de noter qu’une politique DMARC ne peut être activée qu’après la mise en place des enregistrements SPF et DKIM, sans quoi la validation DMARC échouera.
Une fois l’authentification SPF et DKIM configurée pour votre domaine, vous pouvez définir la politique DMARC dans les enregistrements DNS de votre domaine. Vous pouvez en apprendre davantage sur la configuration des enregistrements DMARC ici.
Configurer SPF et DKIM permet non seulement de lutter contre spoofing e-mail, mais aussi d’améliorer la délivrabilité de vos messages. En plus de SPF et DKIM, Zoho Campaigns propose également plusieurs fonctionnalités axées sur la délivrabilité, afin d'assurer que vos emails atteignent toujours la boîte de réception.
E-mail spoofing évolue constamment, et rester passif face à cette menace peut entraîner des pertes financières ou nuire à la réputation de votre entreprise.
En mettant en place de manière proactive des protocoles d’authentification email tels que SPF, DKIM et DMARC, les entreprises peuvent réduire considérablement les risques liés à l’usurpation d’identité par email.
L'équipe Zoho France
Topic Participants
Kinjal Lodaya
Sticky Posts
Collaboration sans faille avec Zoho One
Bonjour à tous, Dans cet article nous allons voir comment Zoho One permet une collaboration à différents niveaux . La façon dont nous travaillons évolue. À mesure que les entreprises se mondialisent, la plupart des activités sont menées en équipe.
Recent Topics
Introducing WhatsApp integration in Bigin
Greetings! In today's business landscape, messaging apps play a significant role in customer operations. Customers can engage with businesses, seek support, ask questions, receive personalized recommendations, read reviews, and even make purchases—allWhy is Zoho Meeting quality so poor?
I've just moved from Office 365 to Zoho Workplace and have been generally really positive about the new platform -- nicely integrated, nice GUI, good and easy-to-understand control and customisation, and at a reasonable price. However, what is going onAllow Manual Popup Canvas Size Control
Hello Zoho PageSense Team, We hope you're doing well. We would like to request an enhancement to the PageSense popup editor regarding popup sizing. Current Limitation: Currently, the size (width and height) of a popup is strictly controlled by the selectedWhy does Zoho’s diff viewer highlight parts of unchanged lines?
Hi everyone, I’ve noticed something odd in the Zoho editor’s diff view. When I delete a single line, the diff doesn’t just mark that line as removed. Instead, it highlights parts of the next line as if they changed, even though they are identical. Example:All new Address Field in Zoho CRM: maintain structured and accurate address inputs
The address field will be available exclusively for IN DC users. We'll keep you updated on the DC-specific rollout soon. It's currently available for all new sign-ups and for existing Zoho CRM orgs which are in the Professional edition. Latest updateCRM x WorkDrive: File storage for new CRM signups is now powered by WorkDrive
Availability Editions: All DCs: All Release plan: Released for new signups in all DCs. It will be enabled for existing users in a phased manner in the upcoming months. Help documentation: Documents in Zoho CRM Manage folders in Documents tab Manage filesWrapping up 2025 on a high note: CRM Release Highlights of the year
Dear Customers, 2025 was an eventful year for us at Zoho CRM. We’ve had releases of all sizes and impact, and we are excited to look back, break it down, and rediscover them with you! Before we rewind—we’d like to take a minute and sincerely thank youPassing the CRM
Hi, I am hoping someone can help. I have a zoho form that has a CRM lookup field. I was hoping to send this to my publicly to clients via a text message and the form then attaches the signed form back to the custom module. This work absolutely fine whenWhere can we specify custom CSS in Zoho Forms custom theme ?
I'm using a form with a dark theme. The OTP popup window is unreadable, because for some reason, the OTP popup background fixes color to white, but still takes the font color specified in the custom theme. This ends up as white on white for me, renderingAutomating Employee Birthday Notifications in Zoho Cliq
Have you ever missed a birthday and felt like the office Grinch? Fear not, the Cliq Developer Platform has got your back! With Zoho Cliq's Schedulers, you can be the office party-cipant who never forgets a single cake, balloon, or awkward rendition ofDrop Down Value
Hi, May I know why Zoho Flow treat this drop down as number and not as string. If so, how can I fetch the right value for filtering. This field is from Creator, in Creator upon checking by default it is a string since it's not a lookup field.Create PO from an invoice
We are a hardware and software sales company which receives orders over the internet. We drop ship most of our products from a warehouse outside of our company. Our orders get sync'd into Zoho from our store via onesaas as invoices. It would be greatSMS to customers from within Bigin
Hi All, Is there anyone else crying out for Bigin SMS capability to send an SMS to customers directly from the Bigin interface? We have inbuilt telephony already with call recordings which works well. What's lacking is the ability to send and receiveZoho Survey reminder settings are extremely confusing
Hi, I just want to set 3 reminders, one week apart from the first email out. Your form is too confusing and I don't understand. Can you simplify and be more specific regarding the language used on the form ?Add deluge function to shorten URLs
Zoho Social contains a nice feature to shorten URLs using zurl.co. It would be really helpful to have similar functionality in a Deluge call please, either as an inbuilt function or a standard integration. My Creator app sends an email with a personalisedAdd specific field value to URL
Hi Everyone. I have the following code which is set to run from a subform when the user selects a value from a lookup field "Plant_Key" the URL opens a report but i want the report to be filtered on the matching field/value. so in the report there isform data load issue when saving as duplicate record is made
Hello. I have a form with a lookup when a value is selected the data from the corresponding record is filled into all of the fields in the form. But the form is loaded in such a state that if any value is changed it will take all of the values pre loadedRecurring Tasks and Reminders in Projects
Recurring tasks are tasks that are created once, and then recreated automatically after a designated time period. For example, the invoice for your billable tasks is due every week. You can set that task to recreate itself every week. Also, the futureUnable to remove the “Automatically Assigned” territory from existing records
Hello Zoho Community Team, We are currently using Territory Management in Zoho CRM and have encountered an issue with automatically assigned territories on Account records. Once any account is created the territory is assigned automatically, the AutomaticallyTrack online, in-office, and client location meetings separately with the new meeting venue option
Hello everyone! We’re excited to announce meeting enhancements in Zoho CRM that bring more clarity and structure to how meetings are categorized. You can now specify the meeting venue to clearly indicate whether a meeting is being held online, at theGoogle Fonts Integration in Pagesense Popup Editor
Hello Zoho Pagesense Team, We hope you're doing well. We’d like to submit a feature request to enhance Zoho Pagesense’s popup editor with Google Fonts support. Current Limitation: Currently, Pagesense offers a limited set of default fonts. Google FontsImproved Contact Sync flow in Google Integration with Zoho CRM
Hello Everyone, Your contact sync in Google integration just got revamped! We have redesigned the sync process to give users more control over what data flows into Google and ensure that this data flows effortlessly between Zoho CRM and Google. With thisCRM Canvas - Upload Attachments
I am in the process of changing my screens to Canvas. On one screen, I have tabs with related lists, one of which is attachments. There doesn't appear to be a way to upload documents though. Am I missing something really obvious? Does anyone havePro Lite Upgrade - Quick Access Tray
Hello, I was going to upgrade to Pro Lite but the Quick Access Tray feature isn't available for Windows. Of the four features not available for Windows, the QAT is what I'm most interested in. Are there plans to add this feature for Windows anytime soon?Custom Fonts in Zoho CRM Template Builder
Hi, I am currently creating a new template for our quotes using the Zoho CRM template builder. However, I noticed that there is no option to add custom fonts to the template builder. It would greatly enhance the flexibility and branding capabilities ifImproved Functionality PO Bill SO Invoice
Hello, I need to enter over 100 items, it's frustrating to scroll a few item rows and wait for more to load, then scroll again. It would be nice to have buttons that scroll to the top or bottom with one click. Furthermore, these items I'm adding are VATCamera access
My picture doesn't appear in a group discussion. (The audio is fine.) The guide says "Click the lock icon on address bar," but I can't find it. Advise, pleaseWishes for 2026
Hello, and a happy new year 2026! Let's hope it's better for everyone. I'd like to share some thoughts on Zoho One and what could be useful in the short, medium, and long term. Some things are already there, but not applied to Zoho One. Others seem likeHow to Integrate Zoho Books with Xero (No Native Connection Available)
Hi everyone, I’m currently facing an issue with integrating Zoho Books invoices with Xero, as I’ve noticed Zoho does not provide a native integration with Xero at this time. I would like to ask: What are the common or recommended solutions for syncingHow to install Widget in inventory module
Hi, I am trying to install a app into Sales Order Module related list, however there is no button allow me to do that. May I ask how to install widget to inventory module related list?Picklist field shows "none" as default
Hello, Is there an option to avoid showing "none" as the default value in a picklist field? I also don't want to see any option displayed. My expectation is to have a blank bar, and then when I display the drop-down list, I can choose whichever I waerror while listing mails
I can't access email in any of my folders: Oops, an error occurred - retry produces the second error response: error while listing mails (cannot parse null string). I've signed in and out of Zoho, restarted my iMac.Unlocking New Levels: Zoho Payroll's Journey in 2025
Every year brings its own set of challenges and opportunities to rethink how payroll works across regulations and teams. In 2025, Zoho Payroll continued to evolve with one clear focus: giving businesses more flexibility, clarity, and control as they grow.Introducing Connected Records to bring business context to every aspect of your work in Zoho CRM for Everyone
Hello Everyone, We are excited to unveil phase one of a powerful enhancement to CRM for Everyone - Connected Records, available only in CRM's Nextgen UI. With CRM for Everyone, businesses can onboard all customer-facing teams onto the CRM platform toSend Supervisor Rule Emails Within Ticket Context in Zoho Desk
Dear Zoho Desk Team, I hope this message finds you well. Currently, emails sent via Supervisor Rules in Zoho Desk are sent outside of the ticket context. As a result, if a client replies to such emails, their response creates a new ticket instead of appendingCRM project association via deluge
I have created a workflow in my Zoho CRM for closing a deal. Part of this workflow leverages a deluge script to create a project for our delivery team. Creating the project works great however, after or during the project creation, I would like to associateZoho Browser??
hai guys, this sounds awkward but can v get a ZOHO BROWSER same as zoho writer, etc. where i can browse websites @ home and continue browsing the same websites @ my office, as v have the option in Firefox, once i save and close the browser and again when i open it i will be getting the same sites. If u people r not clear with my explanation, plz let me know. Thanks, SandeepSync desktop folders instantly with WorkDrive TrueSync (Beta)
Keeping your important files backed up and accessible has never been easier! With WorkDrive desktop app (TrueSync), you can now automatically sync specific desktop folders to WorkDrive Web, ensuring seamless, real-time updates across devices. Important:MCP no longer works with Claude
Anyone else notice Zoho MCP no longer works with Claude? I'm unable to turn this on in the claude chat. When I try to toggle it on, it just does nothing at all. I've tried in incognito, new browsers, etc. - nothing seems to work.Enable History Tracking for Picklist Values Not Available
When I create a custom picklist field in Deals, the "Enable History Tracking for Picklist Values" option is not available in the Edit Properties area of the picklist. When I create a picklist in any other Module, that option is available. Is there a specific reason why this isn't available for fields in the Deals Module?Next Page