E-mail Spoofing : Comment l’éviter et protéger votre entreprise

E-mail Spoofing : Comment l’éviter et protéger votre entreprise


Vous est-il déjà arrivé de recevoir un e-mail qui semblait légitime — avec le bon logo, un ton familier — mais qui vous a tout de même paru suspect ? Pire encore, un de vos clients vous a-t-il déjà contacté après avoir reçu un e-mail douteux qui semblait provenir de votre entreprise ?
C’est ça, le spoofing d’e-mail.
Le spoofing d’e-mail est une technique utilisée par des cybercriminels pour falsifier l’adresse de l’expéditeur afin de faire croire que le message provient d’une source fiable — souvent une entreprise connue. Leur objectif ? Tromper le destinataire pour l’amener à cliquer sur un lien malveillant ou à divulguer des informations sensibles.
Dans cet article, nous allons vous expliquer comment fonctionne le spoofing d’e-mail, les risques qu’il représente et, surtout, les actions que vous pouvez mettre en place pour protéger votre entreprise et vos clients.

À quoi ressemble un e-mail spoof ?

Voici les éléments clés à surveiller pour identifier un e-mail spoofé :
  • Spoofing du nom d’affichage : un e-mail où le nom d’affichage est identique ou très proche de celui d’un employé réel de l’entreprise. Cela crée un faux sentiment de légitimité.
  • Spoofing du domaine : l’expéditeur falsifie non seulement le nom d’affichage, mais aussi le nom de domaine de l’entreprise. L’adresse e-mail semble alors provenir du domaine officiel, rendant la fraude plus difficile à détecter.
  • Adresse de l’expéditeur suspecte : c’est souvent un indice révélateur. Même si le nom d’affichage peut sembler familier, le domaine qui suit le symbole “@” est souvent différent ou étrange. Cela trahit généralement une tentative de spoofing.
  • Un ton pressant ou menaçant : les cybercriminels utilisent souvent un langage alarmant pour pousser le destinataire à agir rapidement, sans prendre le temps de réfléchir. Cela peut inclure des menaces ou une fausse urgence.
  • Promesses de gains ou de cadeaux : ces e-mails prétendent souvent que vous avez gagné un prix ou une récompense. Cela pousse les victimes à fournir des informations personnelles ou à cliquer sur des liens ou pièces jointes malveillants pouvant infecter leurs appareils.
  • Incohérences visuelles : certains e-mails spoofés présentent des logos obsolètes, des fautes de mise en page ou un format différent des communications habituelles de l’entreprise. Bien que les fraudeurs deviennent de plus en plus habiles à imiter le style visuel, certaines tentatives restent faciles à repérer.

Stopper le spoofing d’e-mail : les bonnes pratiques à connaître

Le spoofing d’e-mail peut être limité, voire empêché, en configurant plusieurs mécanismes d’authentification comme SPF, DKIM et DMARC. Chacun joue un rôle distinct dans la vérification des messages, mais c’est leur mise en œuvre conjointe qui permet de protéger efficacement votre domaine contre les tentatives de spoofing.

Sender Policy Framework (SPF)

SPF est un protocole d’authentification des e-mails conçu pour vérifier l’identité de l’expéditeur.
Pour mettre en place SPF, vous devez déclarer les adresses IP ou serveurs de messagerie autorisés à envoyer des e-mails en votre nom. Lorsqu’un e-mail est reçu, le serveur de réception interroge le serveur DNS du domaine pour vérifier si l’adresse IP de l’expéditeur figure bien parmi celles autorisées. Si ce n’est pas le cas, le message peut être marqué comme suspect ou bloqué.
L’e-mail n’est délivré dans la boîte de réception du destinataire que s’il provient d’une adresse IP autorisée et s’il réussit la validation SPF. En configurant correctement les enregistrements SPF, vous pouvez améliorer la délivrabilité de vos messages, réduire les risques de spam et prévenir l’usurpation d’adresse e-mail.


DomainKeys Identified Mail (DKIM)

DKIM est une signature numérique ajoutée à chaque e-mail que vous envoyez. Elle fonctionne en complément des enregistrements SPF.
En plus de vérifier l’authenticité de l’expéditeur, DKIM permet de s’assurer que le contenu du message n’a pas été altéré ou modifié pendant son acheminement. C’est un moyen efficace de garantir l’intégrité des e-mails et de renforcer la confiance des destinataires.
Pour configurer DKIM, il faut publier une clé publique dans les enregistrements DNS de votre domaine. Lorsqu’un e-mail est envoyé, votre serveur génère une empreinte numérique du message (incluant le contenu et les titres) et la signe à l’aide d’une clé privée, qui reste confidentielle.
Lors de la réception, le serveur du destinataire utilise la clé publique pour vérifier si cette signature est bien authentique. Si l’empreinte correspond, cela signifie que le message n’a pas été altéré pendant son envoi.
Cette méthode garantit l’intégrité de vos e-mails et empêche les attaquants de se faire passer pour vous, puisqu’ils ne possèdent pas la clé privée nécessaire pour signer les messages.

DMARC (Domain-based Message Authentication, Reporting and Conformance)

DMARC est une méthode d’authentification avancée conçue pour prévenir le spoofing e-mail. Elle repose sur les protocoles SPF et DKIM, et permet de définir une politique claire à appliquer lorsqu’un message échoue à ces vérifications.
Concrètement, DMARC vous permet de publier une politique dans votre DNS indiquant aux serveurs de messagerie des destinataires quoi faire lorsqu’un e-mail ne passe pas les contrôles SPF ou DKIM. Trois actions sont possibles :
Action 1 : Aucune action
Aucune mesure n’est prise, même si le message échoue aux vérifications SPF ou DKIM.
L’e-mail est quand même transmis dans la boîte de réception du destinataire.
Action 2 : Quarantine
L’e-mail est livré, mais redirigé vers le dossier des spams ou courrier indésirable, car il n’a pas passé les contrôles SPF/DKIM.
Action 3 : Rejeter
Si cette politique est choisie, tout e-mail qui échoue aux vérifications SPF ou DKIM est simplement rejeté. Il ne sera jamais livré au destinataire.


Comment Zoho Campaigns vous aide à prévenir le spoofing d’identité par email et à protéger votre domaine

Zoho Campagins permet à chaque utilisateur de configurer facilement les enregistrements SPF et DKIM afin d’authentifier son domaine.
Si un email réussit les vérifications SPF et DKIM, la politique DMARC ne s’applique pas. En revanche, si l’une de ces vérifications échoue, le serveur de réception consulte alors la politique DMARC du domaine pour déterminer comment traiter le message. Il est important de noter qu’une politique DMARC ne peut être activée qu’après la mise en place des enregistrements SPF et DKIM, sans quoi la validation DMARC échouera.
Une fois l’authentification SPF et DKIM configurée pour votre domaine, vous pouvez définir la politique DMARC dans les enregistrements DNS de votre domaine. Vous pouvez en apprendre davantage sur la configuration des enregistrements DMARC ici.
Configurer SPF et DKIM permet non seulement de lutter contre spoofing e-mail, mais aussi d’améliorer la délivrabilité de vos messages. En plus de SPF et DKIM, Zoho Campaigns propose également plusieurs fonctionnalités axées sur la délivrabilité, afin d'assurer que vos emails atteignent toujours la boîte de réception.
E-mail spoofing évolue constamment, et rester passif face à cette menace peut entraîner des pertes financières ou nuire à la réputation de votre entreprise.
En mettant en place de manière proactive des protocoles d’authentification email tels que SPF, DKIM et DMARC, les entreprises peuvent réduire considérablement les risques liés à l’usurpation d’identité par email.

L'équipe Zoho France

    • Sticky Posts

    • Collaboration sans faille avec Zoho One

      Bonjour à tous, Dans cet article nous allons voir comment Zoho One permet une collaboration à différents niveaux .       La façon dont nous travaillons évolue. À mesure que les entreprises se mondialisent, la plupart des activités sont menées en équipe.

    • Recent Topics

    • Is there a way to set Document Owner/Sender via the API

      When sending requests for zoho sign, it would seem zoho uses the id of the person that created the zoho api cred to determine the owner_id, is there a way to set a default for this?

    • Unlock your Zoho Vault with OneAuth, Windows Hello, TouchID, YubiKey, and many more!

      Hello everyone, We are thrilled to introduce one of the most highly requested features – the ability to unlock your Zoho Vault using various authenticators. The primary purpose of a password manager is to remember just one master password and securely

    • Has anyone built a ticket export that allows Help Center users to export the tickets shown in the My Area list they are looking at?

      Hi, We are moving to Zoho Desk soon. Our current support system displays an option in our help center allowing customers to export their Open, Closed, or all tickets based on which list they are looking at. We need to offer the same in Zoho Desk help

    • What's New - September 2025 | Zoho Backstage

      September has been a different month for Zoho Backstage. Instead of rolling out a long list of new features, we focused on something just as important: Performance, reliability, and stability The event season is in full swing, and organizers are running

    • Prevent stripping of custom CSS when creating an email template?

      Anyone have a workaround for this? Zoho really needs to hire new designers - templates are terrible. A custom template has been created, but every time we try to use it, it strips out all the CSS from the head.  IE, we'll define the styles right in the <head> (simple example below) and everything gets stripped (initially, it saves fine, but when you browse away and come back to the template, all the custom css is removed). <style type="text/css"> .footerContent a{display:block !important;} </style>

    • link to any Belgian bookkeeping software?

      Hello, Does anyone on this Forum can help me with the question whether the ZOHO CRM (Invoices) or ZOHO Book can be linked to software that is used for Belgian Bookkeeping/accountancy? By linking, I mean either with the help of a middleware program or either by the ability to export the custom made reports as CSV-files... If someone has an experience with online CRM-Accountancy in Belgium, with ZOHO (or other), it would be great to read it... Thank you

    • marketing automation

      wants to know about the zoho marketing automation

    • Create custom rollup summary fields in Zoho CRM

      Hello everyone, In Zoho CRM, rollup summary fields have been essential tools for summarizing data across related records and enabling users to gain quick insights without having to jump across modules. Previously, only predefined summary functions were

    • Zoho Slowness - Workarounds

      Hi all, We've been having intermittent slowness and Zoho just asks for same stuff each time but never fix it. It usually just goes away on it's own after a couple weeks. Given that speed is a very important thing for companies to be able to keep up with

    • issue with image thumbnails not showing in Image Selector

      We have been using Zoho Campaigns for over a year, maybe close to two years, and this issue just started happening in the last month. I wanted to wait to see if it would resolve on it's own, and it doesn't seem to be. The thumbnail images for all new

    • Transitioning to API Credits in Zoho Desk

      At Zoho Desk, we’re always looking for ways to help keep your business operations running smoothly. This includes empowering teams that rely on APIs for essential integrations, functions and extensions. We’ve reimagined how API usage is measured to give

    • Problems with email templates (HTML - Outlook)

      Hi there, I've been trying to create a newsletter from the template "Business 4". Everything looks great in the preview, but when I send it to my Outlook inbox, the layout doesn't seems to stick. More particularly: - The line-height is way more reduced, even though I used the line-height tool from the template - Columns but they are sometimes misaligned - Font size is not always the one I've selected. Could you help? Thanks!

    • Zoho CRM still doesn't let you manage timezones (yearly reminder)

      This is something I have asked repeatedly. I'll ask once again. Suppose that you work in France. Next month you have a trip to Guatemala. You call a contact there, close a meeting, record that meeting in CRM. On the phone, your contact said: "meet me

    • All new Address Field in Zoho CRM: maintain structured and accurate address inputs

      The address field will be available exclusively for IN DC users. We'll keep you updated on the DC-specific rollout soon. It's currently available for all new sign-ups and for existing Zoho CRM orgs which are in the Professional edition. Managing addresses

    • Organization Emails in Email History

      How can I make received Org Emails to show up here?

    • Zoho CRM IP Addresses to Whitelist

      We were told to whitelist IP addresses from Zoho CRM.  (CRM, not Zoho Mail.) What is the current list of IP Addresses to whitelist for outbound mail? Is there a website where these IP addresses are published and updated?  Everything I could find is over

    • How to create a drop down menu in Zoho Sheets

      I am trying to find out, how do I create a drop down option in Zoho sheet. I tried Data--> Data Validation --> Criteria --> Text  --> Contains. But that is not working, is there any other way to do it.  Thanks in Advance.

    • Introducing Keyboard Shortcuts for Zoho CRM

      Dear Customers, We're happy to introduce keyboard shortcuts for Zoho CRM features! Until now, you might have been navigating to modules manually using the mouse, and at times, it could be tedious, especially when you had to search for specific modules

    • Zoho CRM's custom views are now deployable from sandboxes

      This feature is now available for users in the AU, JP, and CN DCs. This feature is now available for users in CA and SA DCs. New update: This feature is now available for users in all DCs. Hello everyone, We're excited to announce that you can now deploy

    • Where are Kanban swimlanes

      So i've been playing with Zoho Projects Kanban view a bit more. It appears that task lists are being used as the Kanban columns, which makes sense from the implementation point of view but not the logical one.  Kanban columns are statuses that a task can flow through, while a task list has been a logical way to organize related tasks and relate them to a mislestone. In other words a task in a particular task can go through several stages while remaining in the same task list. After doing some research

    • Send Automated WhatsApp Messages and Leverage the Improved WhatsApp Templates

      Greetings, I hope all of you are doing well. We're excited to announce a major upgrade to Bigin's WhatsApp integration that brings more flexibility, interactivity, and automation to your customer messaging. WhatsApp message automation You can now use

    • Scheduling Calls in CommandCenter / Blueprints

      I would love it if you could add a function to schedule a call in the lead's record for a future date. I know you can add a Task by going to Instant Actions > Task and completing the form: These tasks go into the lead's record under Open Actions. But

    • Zoho One - Syncing Merchants and Vendors Between Zoho Expense and Zoho Books

      Hi, I'm exploring the features of Zoho One under the trial subscription and have encountered an issue with syncing Merchant information between Zoho Expense and Zoho Books. While utilizing Zoho Expense to capture receipts, I noticed that when I submit

    • Limit in number of records for subforms and multi-select lookup fields

      It is my understanding that a maximum of 100 items can be selected in a multi-select lookup field, and that a total of 200 items can be selected in total between both subforms in a given module.  Are there any ways to work around this limitation if we

    • Kaizen #136 - Zoho CRM Widgets using ReactJS

      Hey there! Welcome back to yet another insightful post in our Kaizen series! In this post, let's explore how to use ReactJS for Zoho CRM widgets. We will utilize the sample widget from one of our previous posts - Geocoding Leads' Addresses in ZOHO CRM

    • Way to update CRM records in quik view

      I have custom module in zoho crm and that module have 500 records. I want a quick way or UI so that user can easily update the record information in quick view without going to record detail view or edit view. I tried zoho sheet option but in zoho sheet

    • Getting Permission denied to access this portal.

      We have one user that can't login to projects even though access has been granted. This user can login to accounts.zoho.com but when login to https://projects.zoho.com/portals.do we get this error: Unauthorized login to this portal Permission denied to access this portal. Check your portal URL again. Sometimes we also get "server too busy". We have tried killing sessions (in accounts.zoho.com) and we have deleted cookies; and tried different computers and still the same problem. All others use can

    • Marketing Tip #1: Optimize item titles for SEO

      Your item title is the first thing both Google and shoppers notice. Instead of a generic “Leather Bag,” go for something detailed like “Handcrafted Leather Laptop Bag – Durable & Stylish.” This helps your items rank better in search results and instantly

    • Does Zoho Docs have a Line Number function ?

      Hi, when collaborating with coding tasks, I need an online real time share document that shows line numbers. Does Zoho's docs offer this feature ? If yes, how can I show them ? Regards, Frank

    • Ticket Status Colors

      Can i change the colors of Ticket Status in the admin panel? Or even change the background of the entire cell of a Critical ticket? This way its easy for my agents to see a urgent ticket when it comes in. Right now everything is black text. Here Right

    • Template usage

      Hi, We are using some templates as a response to customer questions. Is it possible to analyze the usage of these templates? We want to know if the use of our templates has increased over time

    • Setting Default Views for Custom, List and Detail Views

      Hey, Is it possible to set a default custom view, list view and detail view for a module for every user? We are onboarding a lot of non technical people that struggle with these things. Setting the views as default would really help. Btw: also setting

    • Custom function return type

      Hi, How do I create a custom deluge function in Zoho CRM that returns a string? e.g. Setup->Workflow->Custom Functions->Configure->Write own During create or edit of the function I don't see a way to change the default 'void' to anything else. Adding

    • Filter Based API request in Zoho Books using POSTMAN

      How do I GET only specified CONTACTS based on created time or modified time in Zoho Books using POSTMAN. In the api documentation, it is written we can apply filters but I need a sample request.

    • URL validation

      We use an internal intranet site which has a short DNS name which Zoho CRM will not accept.   When attempting to update the field it says "Please enter a valid URL". The URL I am trying to set is http://intranet/pm/ Our intranet is not currently setup with a full DNS name and given the amount of links using the shortname probably isn't a feasible change for us.

    • Sync Lookup Fields from Zoho CRM

      HI Team, I have synced a lookup field from my CRM data to Campaigns. When I view the synced data the field appears to display a Zoho CRM record ID rather than the text value. Is it possible to get the sync to import the text value rather than the CRM

    • Has anyone been experiencing slow issues?

      Dear all, I just want to ask if anyone has been experiencing slow issues with Zoho Creator in the past two weeks? I worked with the ISP to improve network quality by changing routes and upgrading bandwidth, but nothing changed. I am in Vietnam.

    • Zoho Projects Roadshows 2025 - USA

      Dear Users, After an amazing response to our roadshows in 2024, we are excited to be back for the second year in a row! Join our team of experts as they walk you through the most-used features in Zoho Projects, explore powerful automation capabilities,

    • Billing Management: #6 Usage Billing in SaaS

      Imagine a customer shuffling across multiple subscriptions, a streaming service, a music app, cloud storage, and a design tool. Each one charges a flat monthly fee, regardless of how much or how little they use. Some months, the customer barely opens

    • Directly Edit, Filter, and Sort Subforms on the Details Page

      Hello everyone, As you know, subforms allow you to associate multiple line items with a single record, greatly enhancing your data organization. For example, a sales order subform neatly lists all products, their quantities, amounts, and other relevant

    • Next Page