SPF records are critical to all businesses, from small to enterprise. Have you ever received an email that looks like it is from a bank but is actually from a spammer posing as the bank? This is called a “spoof” email, and it is possible because it is quite easy to fake the domain associated with an email. Both Security and Marketing departments are realising the increasing importance of Sender Policy Framework (SPF), which authenticates the sender of an email. It can detect forged sender addresses and be used to prevent spammers from spoofing your domain name. By creating an SPF TXT record, you can authorise your business domain, or any third-party domain in use, to send emails on your behalf.
An ISP will use an SPF record to verify that a mail server is authorised to send email for a specific domain. SPF is critical to email as it is published in the DNS and lists all of the IP addresses that are allowed to send email on behalf of the domain. The domain in the return-path address is used to identify the SPF record. When an email is sent, the receiving server checks to see if the sender is on the domain’s list of allowed senders. The email is sent if a link has been established with the email domain. If not, then the server continues processing the email as usual without this link. Where there is no link, there is cause for concern for a number of reasons: the list of senders may not be accurate, or the email may be fake. It is always better to provide multiple layers of security to prevent spoofing and ensure email deliverability.
DomainKeys Identified Mail (DKIM) fills the gap in the DMARC technical framework as an additional way to try to link a piece of email back to a domain. It uses a signature-based method: a public key is included in your domain, and email receiving domains use it to determine whether the message is legitimate. By itself, SPF can associate a piece of email with a domain. With the DNS records in place, DMARC ties the results of SPF to the content of the email, specifically to the domain found in the return path or From: header of an email. For SPF to work correctly in the context of DMARC, the return-path address has to be relevant to the domain of the From: header; this relationship is what DMARC alignment ties together.
So the recipient server can use the SPF record you publish in the DNS to determine whether an email that it has received has come from an authorized server. It is critical for your SPF records to be configured correctly, as this can determine how a recipient treats your emails. By configuring your SPF records you can prevent spammers from using your domain as a tool to send forged messages pretending to be from you. Failure to do so can lead to your IP address being listed on the Real-Time Black List (RBL) and could be disastrous to your company’s reputation.
The other consequence is the failure of marketing campaigns. Emails can still be delivered without setting up SPF, but setting it up improves your chances of deliverability. If you are using a supplier of email marketing solutions, check that they have configured SPF; otherwise your reputation will be associated with all the customers of that provider. It means that your sensitivity to the email marketing supplier’s other customers becomes very high, and equally bad is the fact that you get connected to the supplier. Having an SPF policy provides an additional trust signal to ISPs, so you can increase the likelihood that your emails arrive in the inbox.
SPF has become increasingly important to help verify which sending infrastructure can relay email on behalf of your domain. Implementing SPF records for email provides many benefits, including combating domain impersonation and email spoofing to protect your brand reputation. It also ensures your company’s emails are delivered and do not end up in the SPAM folder or get a SPAM label in the inbox.
Contact us for your free SPF check. We will check and report on your SPF settings and advise which servers are authorized to send on behalf of a domain. We can help develop a policy around SPF and ensure email deliverability. This is particularly important if you are doing outbound campaigns but also important to protect your company reputation.