E-mail Spoofing : Comment l’éviter et protéger votre entreprise

E-mail Spoofing : Comment l’éviter et protéger votre entreprise


Vous est-il déjà arrivé de recevoir un e-mail qui semblait légitime — avec le bon logo, un ton familier — mais qui vous a tout de même paru suspect ? Pire encore, un de vos clients vous a-t-il déjà contacté après avoir reçu un e-mail douteux qui semblait provenir de votre entreprise ?
C’est ça, le spoofing d’e-mail.
Le spoofing d’e-mail est une technique utilisée par des cybercriminels pour falsifier l’adresse de l’expéditeur afin de faire croire que le message provient d’une source fiable — souvent une entreprise connue. Leur objectif ? Tromper le destinataire pour l’amener à cliquer sur un lien malveillant ou à divulguer des informations sensibles.
Dans cet article, nous allons vous expliquer comment fonctionne le spoofing d’e-mail, les risques qu’il représente et, surtout, les actions que vous pouvez mettre en place pour protéger votre entreprise et vos clients.

À quoi ressemble un e-mail spoof ?

Voici les éléments clés à surveiller pour identifier un e-mail spoofé :
  • Spoofing du nom d’affichage : un e-mail où le nom d’affichage est identique ou très proche de celui d’un employé réel de l’entreprise. Cela crée un faux sentiment de légitimité.
  • Spoofing du domaine : l’expéditeur falsifie non seulement le nom d’affichage, mais aussi le nom de domaine de l’entreprise. L’adresse e-mail semble alors provenir du domaine officiel, rendant la fraude plus difficile à détecter.
  • Adresse de l’expéditeur suspecte : c’est souvent un indice révélateur. Même si le nom d’affichage peut sembler familier, le domaine qui suit le symbole “@” est souvent différent ou étrange. Cela trahit généralement une tentative de spoofing.
  • Un ton pressant ou menaçant : les cybercriminels utilisent souvent un langage alarmant pour pousser le destinataire à agir rapidement, sans prendre le temps de réfléchir. Cela peut inclure des menaces ou une fausse urgence.
  • Promesses de gains ou de cadeaux : ces e-mails prétendent souvent que vous avez gagné un prix ou une récompense. Cela pousse les victimes à fournir des informations personnelles ou à cliquer sur des liens ou pièces jointes malveillants pouvant infecter leurs appareils.
  • Incohérences visuelles : certains e-mails spoofés présentent des logos obsolètes, des fautes de mise en page ou un format différent des communications habituelles de l’entreprise. Bien que les fraudeurs deviennent de plus en plus habiles à imiter le style visuel, certaines tentatives restent faciles à repérer.

Stopper le spoofing d’e-mail : les bonnes pratiques à connaître

Le spoofing d’e-mail peut être limité, voire empêché, en configurant plusieurs mécanismes d’authentification comme SPF, DKIM et DMARC. Chacun joue un rôle distinct dans la vérification des messages, mais c’est leur mise en œuvre conjointe qui permet de protéger efficacement votre domaine contre les tentatives de spoofing.

Sender Policy Framework (SPF)

SPF est un protocole d’authentification des e-mails conçu pour vérifier l’identité de l’expéditeur.
Pour mettre en place SPF, vous devez déclarer les adresses IP ou serveurs de messagerie autorisés à envoyer des e-mails en votre nom. Lorsqu’un e-mail est reçu, le serveur de réception interroge le serveur DNS du domaine pour vérifier si l’adresse IP de l’expéditeur figure bien parmi celles autorisées. Si ce n’est pas le cas, le message peut être marqué comme suspect ou bloqué.
L’e-mail n’est délivré dans la boîte de réception du destinataire que s’il provient d’une adresse IP autorisée et s’il réussit la validation SPF. En configurant correctement les enregistrements SPF, vous pouvez améliorer la délivrabilité de vos messages, réduire les risques de spam et prévenir l’usurpation d’adresse e-mail.


DomainKeys Identified Mail (DKIM)

DKIM est une signature numérique ajoutée à chaque e-mail que vous envoyez. Elle fonctionne en complément des enregistrements SPF.
En plus de vérifier l’authenticité de l’expéditeur, DKIM permet de s’assurer que le contenu du message n’a pas été altéré ou modifié pendant son acheminement. C’est un moyen efficace de garantir l’intégrité des e-mails et de renforcer la confiance des destinataires.
Pour configurer DKIM, il faut publier une clé publique dans les enregistrements DNS de votre domaine. Lorsqu’un e-mail est envoyé, votre serveur génère une empreinte numérique du message (incluant le contenu et les titres) et la signe à l’aide d’une clé privée, qui reste confidentielle.
Lors de la réception, le serveur du destinataire utilise la clé publique pour vérifier si cette signature est bien authentique. Si l’empreinte correspond, cela signifie que le message n’a pas été altéré pendant son envoi.
Cette méthode garantit l’intégrité de vos e-mails et empêche les attaquants de se faire passer pour vous, puisqu’ils ne possèdent pas la clé privée nécessaire pour signer les messages.

DMARC (Domain-based Message Authentication, Reporting and Conformance)

DMARC est une méthode d’authentification avancée conçue pour prévenir le spoofing e-mail. Elle repose sur les protocoles SPF et DKIM, et permet de définir une politique claire à appliquer lorsqu’un message échoue à ces vérifications.
Concrètement, DMARC vous permet de publier une politique dans votre DNS indiquant aux serveurs de messagerie des destinataires quoi faire lorsqu’un e-mail ne passe pas les contrôles SPF ou DKIM. Trois actions sont possibles :
Action 1 : Aucune action
Aucune mesure n’est prise, même si le message échoue aux vérifications SPF ou DKIM.
L’e-mail est quand même transmis dans la boîte de réception du destinataire.
Action 2 : Quarantine
L’e-mail est livré, mais redirigé vers le dossier des spams ou courrier indésirable, car il n’a pas passé les contrôles SPF/DKIM.
Action 3 : Rejeter
Si cette politique est choisie, tout e-mail qui échoue aux vérifications SPF ou DKIM est simplement rejeté. Il ne sera jamais livré au destinataire.


Comment Zoho Campaigns vous aide à prévenir le spoofing d’identité par email et à protéger votre domaine

Zoho Campagins permet à chaque utilisateur de configurer facilement les enregistrements SPF et DKIM afin d’authentifier son domaine.
Si un email réussit les vérifications SPF et DKIM, la politique DMARC ne s’applique pas. En revanche, si l’une de ces vérifications échoue, le serveur de réception consulte alors la politique DMARC du domaine pour déterminer comment traiter le message. Il est important de noter qu’une politique DMARC ne peut être activée qu’après la mise en place des enregistrements SPF et DKIM, sans quoi la validation DMARC échouera.
Une fois l’authentification SPF et DKIM configurée pour votre domaine, vous pouvez définir la politique DMARC dans les enregistrements DNS de votre domaine. Vous pouvez en apprendre davantage sur la configuration des enregistrements DMARC ici.
Configurer SPF et DKIM permet non seulement de lutter contre spoofing e-mail, mais aussi d’améliorer la délivrabilité de vos messages. En plus de SPF et DKIM, Zoho Campaigns propose également plusieurs fonctionnalités axées sur la délivrabilité, afin d'assurer que vos emails atteignent toujours la boîte de réception.
E-mail spoofing évolue constamment, et rester passif face à cette menace peut entraîner des pertes financières ou nuire à la réputation de votre entreprise.
En mettant en place de manière proactive des protocoles d’authentification email tels que SPF, DKIM et DMARC, les entreprises peuvent réduire considérablement les risques liés à l’usurpation d’identité par email.

L'équipe Zoho France

    • Sticky Posts

    • Collaboration sans faille avec Zoho One

      Bonjour à tous, Dans cet article nous allons voir comment Zoho One permet une collaboration à différents niveaux .       La façon dont nous travaillons évolue. À mesure que les entreprises se mondialisent, la plupart des activités sont menées en équipe.

    • Recent Topics

    • Marketing Tip #7: Add a blog to your online store

      A blog is more than content. It’s a magnet for new customers. Sharing product guides, styling tips, or industry insights through blog posts builds trust and helps you rank higher on search engines. Try this today: Write one blog post answering a common

    • Kanban view on Zoho CRM mobile app!

      What is Kanban? The name doesn't sound English, right? Yes, Kanban is a Japanese word which means 'Card you can see'. As per the meaning, Kanban in CRM is a type of list view in which the records will be displayed in cards and categorized under the given

    • Allow Regular Users to Directly Transfer Ownership of Files & Folders

      Hi Zoho WorkDrive Team, Hope you are doing well. We would like to request an important enhancement related to file and folder ownership management in Zoho WorkDrive. At the moment, a regular user cannot directly transfer ownership of their files or folders

    • STOCK history in zohosheets

      is it possible to get historical stock value using stock function in zoho sheets? i could not see from and to period in the helper document.

    • Scheduled Reports - Do not send empty report

      Hello, We are intensively using reports in the CRM, especially for sales managers.  When data is empty, they still receive an email. Can you add an option to avoid sending the report when data is empty?

    • Customised Funnel

      We are running the standard plan for our ZOHO CRM. I have been asked if there is a way to combine data from the Calls module, Deals module and Contact Module into 1 funnel, similar to the view you can get when viewing Deals By Stages, you can see the

    • Trigger Zapier on Deluge Insert Into Function?

      Hello, To get around the limitation of not being able to trigger a Zapier Zap on Record Update(this would be extremely useful to be able to do btw), I have created a Deluge script to copy the data from Form A to a Trigger Form B using the Insert Into expression from a Custom Action button on a Report from Form A.  This action does not trigger the Zapier Zap whereas manually adding a record or duplicating an existing record does trigger the Zap. Is Insert Into not the same as a manual Add in the context

    • Can you inject JS in an HML+CSS+Deluge Page?

      I have an HTML + CSS + Deluge page and need just a little vanilla JS functionality. However, it seems like Zoho Creator does not allow that. I'm required to create a JS widget. Is this correct? If so: 1. Won't this quickly consume my API limit if there

    • Display Client Name in Zoho Creator Client Portal Dashboard

      Hello Zoho Creator Team, We hope you are doing well. Zoho Creator recently introduced the option to set a client’s display name in the Client Portal settings, which is very helpful for providing a personalized portal experience. However, there is currently

    • Finding missing records

      I have a challenge and I am not really sure where to start with it. I can't find any similar threads on here, can anyone help: I have two forms, FormA and FormB. Both forms have records that contain a field called Job_Number. What I am trying to achieve

    • Creator HTML page refresh

      Hi, I have added around 5 different html snippets in single creator page. I understand, I can refresh the entire page from page script using Navigational URLs https://help.zoho.com/portal/en/kb/creator/developer-guide/others/url-patterns/articles/navigational-urls

    • Custom Related List Inside Zoho Books

      Hello, We can create the Related list inside the zoho books by the deluge code, I am sharing the reference code Please have a look may be it will help you. //..........Get Org Details organizationID = organization.get("organization_id"); Recordid = cm_g_a_data.get("module_record_id");

    • Zoho Vault API: Create new Secrets

      Hello, I attempt to Post Secrets to the vault, since the encrypted entries are almost impossible to decrypt, since there is no documentation on how to decrypt them. Like with the lack of documentation on how to descrypt, there are missing information regarding on how to create new secrets/post secrets. Source: https://www.zoho.com/vault/api/#create-a-new-secret When I try to send JSON Informationen as a POST-Request I only receive the error message: {     "operation": {         "result": {             "error_code": "",

    • Introducing the all-new email parser!

      Greetings, We are pleased to introduce to you, a brand-new, upgraded version of the Zoho CRM Email Parser, which is packed with fresh features and has been completely redesigned to meet latest customers needs and their business requirements. On that note,

    • Marketer’s Space - Multi-Channel Campaigns for the Biggest Shopping Week with Zoho Marketing Automation

      Hello marketers, Welcome back to another post in Marketers Space! The biggest shopping week of the year is almost here, and it’s your moment to shine without the stress. With Black Friday and Cyber Monday just around the corner, being present across email,

    • Is there a problem with sharing workdrive files with links since last night?

      As per title, we can't access folders/files through share links since last night. I created ticket but we need quick solution and didn't hear back from the support yet. The files are still accessible by the main account but all zoho files that we are

    • Managing functions

      Can someone let me know if there are any plans to improve the features for managing functions in CRM? I have lots of functions and finding them is hard. The search only works on the function name and the filter only works on function type. I have created a naming convention based on tags to filter the list which helps a bit and for some projects I keep lists in a spreadsheet.  I'd like a spreadsheet-style list in CRM with a few custom fields and a way to construct views (like in modules). Maybe even

    • Enable Screen Recording in Zoho WorkDrive Mobile Apps (Android & iOS)

      Hi Zoho WorkDrive Team, How are you? We are enthusiastic Zoho One users and rely heavily on Zoho WorkDrive for internal collaboration and content sharing. The screen-recording feature in the WorkDrive web app (similar to Loom) is extremely useful- however,

    • Issue in Annual Leave

      We created a policy to credit 21 days at the Start of the Year An employee has taken 16 days of leaves thought the year, so we expect to see 5 Leaves remaining right? But Zoho People is Showing 12 Days of Leave Balance Available If we check the Leave

    • Flow - Fetch info from drop down in another module

      I am running into a road block which I thought would be a simple task. My goal - The account is assigned to a "route" which can be selected from a drop down menu and adds a tag to the account accordingly (easy enough). Now when I create a task for this

    • Tags get removed from notes on mobile

      I don't know why this keeps happening even after all these app updates but if you log out and log back into the app or you reinstall it, all the tags you assigned to your notes get taken off, but if you go on the desktop version the tags are still there.

    • Production Management Tool (MRP / BOM)

      Hi Guys, is there any recommended App available that works with zoho and covers the needed applications for a production? What we need is a system that covers the BOM (bill of materials), MRP (material ressources planning), MRP II (manufacturing ressources

    • Function #53: Transaction Level Profitability for Invoices

      Hello everyone, and welcome back to our series! We have previously provided custom functions for calculating the profitability of a quote and a sales order. There may be instances where the invoice may differ from its corresponding quote or sales order.

    • Prevent Unapproved Quotes from Exporting to Zoho CRM Finance Module

      Is it possible to prevent unapproved quotes in Zoho Books from being exported from Zoho Finance module inside Zoho CRM?

    • Bug in Zoho Cliq Signup Flow – "%s" Placeholder Visible Instead of Product Name

      Hi Zoho Team, I would like to report a UI bug in the Zoho Cliq signup/enable flow. During the step where Cliq asks to enable the product for the company, the following text appears: Great! Your company is already available in Zoho, so you just have to

    • Account name not populating when importing contacts

      When importing a csv file to add contacts the account name is blank? Every other filed gets mapped and imported correctly, i.e contact name, phone number. However not the account name which I have mapped to "company" field in my csv file

    • Zoho Invoice Customer Login Portal

      Are there any plans for a customer portal to Zoho Invoice, ala Freshbooks?  I would like customers that I invoice to be able to login to review invoices and invoice history.  I have not switched from Freshbooks for this very reason.

    • Exporting tickets

      I went to Setup -> Organization -> Import/Export in order to export tickets but found 2 issues: 1. The email body never gets exported. 2. There are some large numbers (like 5.57E+16) under certain columns of the exported CSV file. I could not find any export options. Please can you help with this?

    • Editing the Ticket Properties column

      This is going to sound like a dumb question, but I cannot figure out how to configure/edit the sections (and their fields) in this column: For example, we have a custom "Resolution" field, which parked itself in the "Ticket Information" section of this

    • Copy field information to clipboard

      I need to be able to transfer some field information in to the clipboard, so that I can then paste it in to our helpdesk system. Is there a way I could add a button to a detail report that does this?

    • Issuing reconciling a bank statement

      HELP! I'm trying to reconcile a bank statement. The prior month reconciled perfectly. Beginning balance is correct yet I'm off by the same amount each time. Both myself and my office manager, separately and together, have tried to complete this reconciliation

    • Use the searchBy parameter to find user by email address

      I'm trying to find a user is Zoho Desk via the Api. In the documentation I see that there is the possibility to add a searchBy parameter in the request. But I can't find how the search values should be formatted. I've tried multiple things and get either

    • Correlated subqueries not supported in Zoho Analytics. This creates huge limitations

      Running into a major limitation in Zoho Analytics: correlated subqueries simply don’t work, even in completely standard SQL patterns inside a JOIN. Example: LEFT JOIN "Bills" b ON d."Id" = b."Deal ID" AND EXISTS ( SELECT 1 FROM "Bill

    • Unknown table or alias 'A1'

      I would like to create a subquery but i am getting the following error: Unknown table or alias 'A1' used in select query. This is the sql statement:  SELECT A1.active_paying_customers, A1.active_trial_customers, A1.new_paying_signup, date(A1.date_active_customers), 

    • Detect and ignore bots in visitors

      The SalesIQ visitor numbers are basically useless to us because there is no bot detection. We get the same bots coming in from the same countries looking at the same pages every day. It can't be that difficult to tell the difference between an actual

    • Zoho CRM - Rename "Estimates" in CRM Finance Suite Integration to "Quotes"

      I'm not sure if it's been 2 or 3 years now since Zoho Books renamed Estimates to Quotes. I still see "Estimates" in the Zoho CRM integration. Could this be added to Translation settings so that some customisation could be made on an account by account

    • Add Real-Time Microphone Audio-Level Indicator During Screen Recording

      Hi Zoho WorkDrive Team, Hope you are doing well. We would like to request an important enhancement to the Zoho WorkDrive screen-recording experience. Current Limitation: During a recording session, there is no visual indication that the microphone is

    • Properly Capture Dropdowns & Hover Elements When Recording a Window/Tab

      Hi Zoho WorkDrive Team, Hope you are doing great. We encountered a limitation when recording a selected window or browser tab: Certain UI elements, such as dropdown lists, hover menus, and overlays, are not captured unless we record the entire screen.

    • Allow Recording Only a Selected Portion of the Screen

      Hi Zoho WorkDrive Team, Hope you are doing well. We would like to request a more flexible recording option in Zoho WorkDrive. At the moment, we can record either the entire screen or a specific window/tab — but not a custom selected portion of the screen

    • Add Camera Background Blur During Recording

      Hi Zoho WorkDrive Team, Hope everything is well. We would like to request an enhancement to the video recording feature in Zoho WorkDrive. Currently, the camera preview displayed during a recording does not support background blur. This is an essential

    • Next Page