Email spoofing is the creation of email messages with a forged sender address. This can be any address the sender wishes, but professional spammers often use well known domain names that exist so that the recipient believes the e-mail is from a genuine sender.
Because the core email protocols do not have any mechanism for authentication, it is common for spam and phishing emails to use such spoofing to mislead the recipient about the origin of the message.
Although email spoofing is effective in forging the email address, the IP address of the computer sending the mail can generally be identified from the “Received:” lines in the email header. In many cases this is likely to be an innocent third party infected by malware that is sending the email without the owner’s knowledge.
The tools necessary to spoof email addresses are easy to get. All you need is a working mail server, and the right mailing software.