There’s a fine line between spam and scam email, and a standard known as Sender Policy Framework (SPF) evolved as a result. This standard is commonly used as an email authentication method. It helps prevent spam emails by detecting spoofing. SPF also helps verify the sender’s IP address to decrease the chances of sender addresses being counterfeit.
In simple words, SPF specifies the IP addresses authorized to send email for a domain. Using SPF, administrators can specify the hosts allowed to send email on behalf of a given domain by creating a specific SPF record in the DNS (Domain Name System).
What Is Email Spoofing?
When spammers send an email that falsely appears to originate from a domain, it is called spoofing. In simple words, email spoofing is the construction of a fake email header to dupe the recipient into thinking the email is generated from a genuine source.
Spam and phishing emails use spoofing to mislead recipients and keep them unaware of the original sender.
Now that you have an idea of what an SPF record is and how it helps, let’s dive in and understand more about the SPF record, its benefits, and essential details.
What Do SPF Records Do?
An SPF record defines the safe IP addresses that are allowed to send email on behalf of a domain. It can be used for:
- Internal notifications
- External and internal mails
- Transactional emails from applications
- Marketing/PR emails
Benefits – SPF Records
If you want to stop spammers from spoofing your domain, you need to add SPF records to your DNS zone file. Adding domain information to SPF records will reduce the number of authentic email messages flagged as spam. Since not all mail providers use it, SPF is not a 100% effective method, but you can still use it to decrease the number of bounce-back emails.
- Prevent breaches
- Benefits organization in overall identification
- Stops bad PR from being used as Spam
- Free to set up and cheap
SPF Record – Glossary
| Term | Description |
|---|---|
| TXT | DNS zone record type; SPF records are written as TXT records |
| @ | ‘@’ is a placeholder used to represent the current domain |
| v=spf1 | uses SPF Version 1 to identify the TXT record as an SPF record |
| a | authorizes the host in the domain’s A record to send email |
| include: | authorizes email to be sent on behalf of the domain, e.g. google.com |
| ~all | denotes that the list is all-inclusive and no other servers can send email |
| domain.com | the domain that the SPF record applies to |
| mx | lists the domain’s MX record(s) as approved to send email |
| ip4 | a single IPv4 address |
| all | matches all local and remote IPs and goes at the end of the SPF record |
Now that we have enough information, you must be ready to create an SPF record. Follow these simple steps to create SPF records:
Step 1 – Gather IP addresses used to send email
The first step in implementing SPF is to identify the mail servers you use to send email from your domain. Some organizations send mail from different places. Therefore, you need to make a list of all your servers and identify whether they are being used to send email on behalf of your brand:
- Web Server
- Your ISP’s mail server
- Third-party email server used to send mail on your behalf
- In-office mail server
- Mail server end-user mailbox provider
Step 2 – Create a list of sending domains
Your company might own several domains. Therefore, you need to make a list of all of them, whether they are used for sending or not. This is done to protect all domains, because once you have added the sending domains to SPF records, spammers will target the non-sending domains. To stay secure, adding all domains to SPF records is recommended.
Step 3 – Create your SPF record
By comparing the IP address of the sender’s mail server to the list of authorized sending IP addresses, SPF records authenticate the email address. To create an SPF record, follow the steps below:
- Start with a v=spf1 tag followed by the IP addresses authorized to send email. For example, v=spf1 ip4:22.214.171.124 ip4:126.96.36.199
- If third-party service providers are used to send email, add an “include” statement to the SPF record, e.g. include:xyz.com; this will help identify the third party as a legitimate sender
- An SPF record cannot be more than 255 characters, and it cannot have more than ten include statements.
- If you do not want to send email from your domain, leave out every modifier with the exception of all.
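The record-building rules above and the sender-IP comparison, as an added example (not code from the original article): it lints a record before publishing and evaluates a sender IP offline against the ip4/ip6 and all terms. The function names and sample records are constructed for illustration; the limits are checked the way RFC 7208 counts them, with ten DNS-querying terms of any kind (include, a, mx, ptr, exists, redirect) and 255 characters per TXT string, and no DNS is queried.

```python
import ipaddress
import re

# Terms that cost a DNS query at evaluation time; RFC 7208 caps them at 10 per check.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
KNOWN_TERMS = LOOKUP_TERMS | {"ip4", "ip6", "all", "exp"}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
TERM = re.compile(r"([+?~-]?)([^:=/]*)(?:[:=/](.*))?$")

# Constructed sample records (documentation address ranges, not real senders).
GOOD = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 include:xyz.com ~all"
TYPO = "v=spf1 ip5:192.0.2.10 -all"

def parse(record):
    """Return [(qualifier, name, value)] for each term after v=spf1."""
    version, *terms = record.split()
    if version.lower() != "v=spf1":
        raise ValueError("SPF record must start with v=spf1")
    return [(m[1] or "+", m[2].lower(), m[3]) for m in map(TERM.match, terms)]

def lint(record):
    """List problems to fix before the record is published."""
    terms = parse(record)
    problems = [f"unknown term: {n}" for _, n, _ in terms if n not in KNOWN_TERMS]
    for _, name, value in terms:
        if name in ("ip4", "ip6"):
            try:
                ipaddress.ip_network(value or "", strict=False)
            except ValueError:
                problems.append(f"bad address in {name}: {value}")
    lookups = sum(1 for _, n, _ in terms if n in LOOKUP_TERMS)
    if lookups > 10:
        problems.append(f"{lookups} DNS-lookup terms (limit is 10)")
    if len(record) > 255:
        problems.append("over 255 characters: split into several TXT strings")
    return problems

def check_ip(record, sender_ip):
    """Offline evaluation, left to right: the first matching term decides."""
    if lint(record):
        return "permerror"  # do not evaluate a record that fails lint
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, name, value in parse(record):
        if name in LOOKUP_TERMS:
            return "unresolved"  # needs DNS, which this offline check does not do
        if name == "all" or (name in ("ip4", "ip6")
                             and ip in ipaddress.ip_network(value, strict=False)):
            return RESULTS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term
```

A record for a non-sending domain, `v=spf1 -all`, returns `fail` for every sender IP, while `~all` returns `softfail` for senders not listed before it.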
That’s all; you’ve successfully created an SPF record. Now it’s time to publish it.
To do so, you will need the help of your DNS server administrator.
For instance, if you are using GoDaddy, the process will be simple. However, if your DNS records are administered by your ISP, you need to contact your IT team.
Note: Email service providers publish SPF records for sending domains on your behalf.
Now that it is published, let’s test the SPF record. You can use an SPF check tool for this, as it will show you the list of authorized servers. In case you can’t find the domain, update the SPF record.
That’s it; using these simple steps, you can create an SPF record and prevent email spoofing. The best practice is to set up an SPF record on your DNS server. Setting up an SPF record allows other email servers to use SPF filtering, thereby keeping spoofed messages from coming in.
We hope you will use it to stay protected. If you have anything to say, please share in the comments section.