@carrottop1023 @Bruce @jcsteh Since about 2010 or so you cannot send mail via a domain's SMTP server without authenticating, authorizing, and in the case of mass sending services, ensuring the appropriate DNS records are in place at the domain level, unless you've specifically stood up your own server and turned all the authentication/authorization stuff off. So yes you can spoof an email address, but it's nowhere near as simple as spoofing a phone number, and it's also why you often see email addresses in the from field with a character off in either the username or the domain.