How to know whether e-mail was spoofed?
I am having a hard time understanding the different methods of e-mail verification. I know about DKIM, SPF and DMARC. If I would like to know whether an e-mail I received actually came from the e-mailaddress that is shown to me in my e-mailclient, how would I go about that? For example: I receive an e-mail from user@hotmail.com.
If I check the DKIM record I would only know for certain that the e-mail was sent from a @hotmail.com domain, correct? So the e-mail could have been send from someoneelse@hotmail.com even though the DKIM records would still show dkim=pass. Is this correct?
How can I confirm whether the e-mail I received was actually sent by the full e-maildress (not just the domain) user@hotmail.com? Can I do that with only DKIM? Do I need DKIM + SPF? Or do I need DKIM + SPF + DMARC?
