SPF
      Back to home
      1. Knowledge Base
      2. Email Risks
      3. SPF

      Implementing SPF

      What is SPF, why it's important and how to implement it?

      WHAT IS IT & WHY IT’S IMPORTANT

      What are email permitted senders (SPF)?

      SPF stands for “Sender Policy Framework”. It’s an email authentication technique that is used against email spoofing. An SPF record allows a domain owner to publish a list of the domains or IP addresses that should be trusted to send emails for a given domain.

      If a domain or IP that is not on the “trusted list” (so not in the SPF record) attempts to send an email from that domain - it will not pass the SPF security check, indicating that it may be a fraudulent or 'spoof' email.

      WHAT TO DO & HOW

      An SPF record is added to your domain's DNS zone file as a TXT record and it identifies authorised SMTP servers for your domain.

      For example:

      TXT @ "v=spf1 include:_spf.example.com ~all"

      Soft Fail: The "~" in front of the "all" means that any servers not listed in the SPF record should be treated as a 'Soft Fail' by the recipient's mail server. In other words, any emails not from the listed servers should be flagged as 'Spam' in the recipient’s inbox.

      Hard Fail: Using a "-" in front of the "all" means that any servers not listed in the SPF record should be treated as a 'Hard Fail' by the recipient's mail server. In other words, any emails not from the listed servers should be discarded and not delivered to the recipient’s inbox.

      Here is some guidance from the UK National Cyber Security Centre regarding how to create and iterate an SPF record:

      https://www.ncsc.gov.uk/collection/email-security-and-anti-spoofing/create-and-iterate-an-spf-record

      DMARC empowers SPF by stating a clear policy which should be applied and allows to set an email address which can be used to send the statistics reports regarding a specific domain. Both methods use DNS (Domain Name Service).

      This gives you, as an email sender, the ability to specify which email servers are permitted to send email on behalf of your domain.

      Click here to browse other articles (including: how to configure SPF & DMARC for sending and parked domains) or contact us using a chat icon on the right!