The Sender Policy Framework (SPF) is an email authentication technology that is used to prevent phishing attempts. It enables your organization to select who is authorized to send email on your domain’s behalf. This is useful because, in a typical phishing attack, the threat actor spoofs the sender address to make it appear to be an official business account or someone the victim knows.
What is an SPF Record?
An SPF record published on Domain Name System (DNS) servers lets recipient email servers determine whether a message came from an authorized sender IP address or could be from a phishing attack. It’s an important part of email security since it allows administrators to prevent phishing emails from reaching their intended victims.
How does SPF work?
SPF gives receiving mail servers a way to validate that incoming email from a domain was sent from an IP address approved by the domain’s administrators. It is based on the well-known Domain Name System (DNS). In general, the procedure goes as follows:
A domain administrator publishes the policy that specifies which mail servers are authorized to send email from that domain. This policy is known as an SPF record, and it is included in the domain’s overall DNS records.
When an inbound mail server receives an incoming email, it checks DNS for the bounce (Return-Path) domain’s rules. The inbound server then compares the mail sender’s IP address to the authorized IP addresses specified in the SPF record.
The receiving mail server then decides whether to accept, deny, or otherwise flag the email message based on the rules specified in the sending domain’s SPF record.
Why should you use SPF?
Prevent attacks: SPF records are used to prevent spammers from spoofing your domain name. Recipient servers can use the SPF record you publish in DNS to determine whether an email that they have received has come from an authorized server or not.
Improving email deliverability: Domains without a published SPF record may have their emails bounced or be marked as spam. This in turn will reduce the email deliverability percentage.
How to set SPF:
- Collect and list all the IP addresses and domains that are used for sending emails
- Build the SPF Record with different tags (SPF version, mechanisms, qualifiers)
- Publish the SPF record as DNS TXT
- Test the SPF validation
Below are the SPF configuration settings for some of the authorized emailing platforms: