EMAIL AUTHENTICATION PROTOCOLS FOR PHISHING PREVENTION: SPF, DKIM, AND DMARC

Authors: Lazare Lomsadze, Ioane Zarandia, Giorgi Akhalaia
Affiliation: University of Young Penetration Testers, Ilia State University

Keywords: email phishing, SPF, DKIM, DMARC, social engineering

ABSTRACT. Email phishing is considered one of the most widespread forms of modern cybercrime. Through phishing attacks, malicious actors attempt to fraudulently obtain users' personal information such as passwords, credit card numbers, or even financial account details. These messages often impersonate legitimate companies, thereby increasing the likelihood of deceiving recipients. This article explores the mechanisms, risks, and technical defenses against email phishing. In particular, it discusses the roles of SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) protocols. Practical examples are also provided to illustrate how each mechanism contributes to identifying and blocking malicious emails.