Anti-Email Spoofing 101 – Sender Policy Framework

SPF

The Sender Policy Framework (SPF) is seen as a simple anti-email spoofing mechanism that checks if the sending server has been authorized by the domain’s administrators to send email.

By design, the SMTP protocol allows any machine to send email claiming to be from any domain it wants. Spammers and phishers used this to forge email addresses or to make individuals from different organizations leak sensitive information, so SPF was created to cover this SMTP blind spot.

SPF is a simple text (TXT) record added to the domain's DNS settings that enables mail servers to check the “Envelope-from” address, also known as the return-path. This keeps spammers from spoofing the envelope sender address, as remote mail servers with SPF checking enabled verify where the message originates from.

Why should you actually implement an SPF record?

By doing so, spammers are less likely to spoof emails from your domain, as they are going to get caught in anti-spam filters that check the SPF record. This also means that a domain is less likely to get blacklisted.

An example of SPF is the following:

example.com. TXT "v=spf1 ip4:192.168.1.0/24 ip4:192.168.2.123 a -all"

Where v is the SPF version, ip4 and a list the systems permitted to send email in the name of that domain, and -all states that if there’s a mismatch, the email should be rejected.

An SPF check returns a result such as PASS, SOFTFAIL or FAIL, which receiving servers use to block unauthorized use of your domain name in spam and phishing.
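The example record, evaluated the way a receiving server would walk it from left to right. This is an added sketch, not code from the original article or from SpamExperts: the function name check_spf and the A_RECORDS table (which stands in for a DNS lookup of the a mechanism) are assumptions, and only the ip4, a and all mechanisms used in the record are handled.

```python
import ipaddress

# The record from the article, plus a constructed A record for example.com.
RECORD = "v=spf1 ip4:192.168.1.0/24 ip4:192.168.2.123 a -all"
A_RECORDS = {"example.com": ["192.168.3.10"]}  # constructed, replaces DNS

# Qualifier in front of a mechanism decides the result when it matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, sender_ip, domain, a_records=A_RECORDS):
    """Return the SPF result for sender_ip; the first matching term wins."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF version 1 record to evaluate
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a prefix means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True  # catch-all, normally the last term
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            # "a" alone means the A records of the envelope-from domain
            hosts = a_records.get(arg or domain, [])
            matched = any(ip == ipaddress.ip_address(h) for h in hosts)
        else:
            raise NotImplementedError(f"term not covered here: {term}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term


if __name__ == "__main__":
    for sender in ("192.168.1.77", "192.168.3.10", "203.0.113.5"):
        print(sender, check_spf(RECORD, sender, "example.com"))
```

Swapping -all for ~all in the record turns the last result from fail into softfail, which receivers typically accept but mark as suspicious.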

What are the main benefits of SPF?

The main benefit of SPF is that spammers won’t use your domain name when forging email addresses, which reduces the number of “bounce back” messages your users receive from spam sent to addresses that don’t exist. This also improves the anti-spam environment by helping others block spam that’s leveraging your domain name.

Our recommendation is to deploy an SPF record and reduce the likelihood of spammers sending bulk email in your name. The bottom line is that domains without SPF records are more prone to be used as fake senders for outbound spam than the ones with SPF records, so an SPF record adds another layer of security.

You can check our Knowledgebase article on how to set up SPF records with SpamExperts.

Until next time, ensure your domain has an SPF record and deploy a professional email security solution to stay spam-free!

2 thoughts on “Anti-Email Spoofing 101 – Sender Policy Framework”

  1. SPF does not actually stop the “spammers sending bulk email in your name”. SPF only looks at the “return-path”, not the “FROM” address. So, spammers can still use your domain when sending spam, or phishing messages, as long as they use something else for the return-path. This allows bad guys to send phishing messages using any domain they want as the FROM address. They can set the reply-to to be their own address, and fool people.

    I’m not saying you shouldn’t at least try an SPF record. But it does not stop people from using your domain in the FROM field.

    – Scott

    • Hi Scott,
      Indeed you are right, what I meant to write was “Envelope-from” not the “From” address in that sentence. I’ve corrected this now. Great spot!
      Thanks for the feedback!
      Lucian
