FREE TRIAL
Gabi Power Mar 24, 2023 3:14:51 PM 5 MIN READ

Feature Spotlight: SPF Records

Each month we’re putting the spotlight on a different feature - it may be a new one, or one that our ninjas think is awesome but under-utilised. Our aim is to equip you with the knowledge you need to help your customers get the most out of MailGuard. Last month, the spotlight was on Release Management.

This month, we’re focusing on SPF Records. 

Email is a critical communication channel for businesses of all sizes, but often they find email spoofing one of the most challenging issues to tackle. Hackers can easily spoof sender addresses and impersonate legitimate senders, making it difficult to differentiate between genuine and fake emails. SPF (Sender Policy Framework) records are a powerful tool to combat email spoofing and enhance overall email security.

What is an SPF record? 

SPF is an email validation system that allows administrators to specify which servers are authorised to send email from a given domain, via their DNS (Domain Name System). In other words, SPF makes it possible for the owner of a domain to say, “I only send mail from these IP Addresses and from nowhere else.” An SPF record is a type of DNS record that creates a list of approved IP addresses or hostnames that are allowed to send messages using the domain name in the “From” field. When an email is received, the recipient’s mail server checks the SPF record to verify that the sender’s IP address matches the authorised list. If it doesn’t the email may be rejected or marked as spam.

Why do you need an SPF record? 

  1. Prevents email spoofing
    SPF records make it much harder for hackers to impersonate your domain. By specifying which IP addresses or hosts are allowed to send emails on your behalf, you can ensure only legitimate messages are delivered.

  2. Increases email deliverability
    Many email providers use SPF records to verify the sender’s identity and assess the reputation of the sending server. By using SPF, you can improve your email deliverability rates and avoid your emails being marked as spam or being blocked by filters.

  3. Protects your brand reputation
    Email spoofing can damage your company’s reputation and erode the trust of your stakeholders. SPF records help you maintain control over your domain and prevent unauthorised use of your brand name in phishing scams or other fraudulent activities.

  4. Complements other email security measures
    SPF records are just one of many tools that can help protect your email from cyber threats. They work in conjunction with other security measures, such as DMARC and DKIM, to provide comprehensive email security.

For more information on SPF records, including more technical information, check out our help guide “What is an SPF Record (And Other FAQs About SPF and How it Works)”
How do you set up an SPF record?

To create an SPF record, you must configure a TXT record under your domain that lists the authorised servers (IP addresses or hostnames) to send emails from that domain. It is essential to have an intimate knowledge of your email network and any systems that send emails from your domain before configuring an SPF record.

An example of a suitable SPF record is:

"v=spf1 include:customer.mailguard.com.au -all"

Your SPF record should start with "v=spf1" and end with either "-all" or "~all" statement. Everything between these two statements specifies a legitimate source of email from your domain, and it can be either an IP address or hostname. 

Please note that the ‘all’ statement is mandatory and has two options:

  • The ‘-all’ option bounces an email if the sending IP address is not in the SPF record (referred to as a 'Hard Fail'). 
  • The ‘~all’ option does not bounce the email but treats it with caution if it fails SPF checking (referred to as a 'Soft Fail'.)

An SPF record must not have more than ten DNS lookups, or it will be detected as invalid by most systems during authentication checks. The possible sections of an SPF record that will count towards this total are:

  • A
  • MX
  • Include
  • Exists
  • Redirect

It is important to keep nested DNS lookups in mind for this total as well. For example, when including customer.mailguard.com.au in your SPF record, it will also look up spf_a.mailguard.com.au and spf_b.mailguard.com.au, which will add three to the total of DNS lookups instead of just one.

The recommended SPF entry for any MailGuard-protected domain is as follows (please include the entire line below):
                                             include:customer.mailguard.com.au

For further assistance setting up your SPF record, check out our help guide here.

Or, you can view these articles and website for help creating and testing SPF records:

https://www.kitterman.com/spf/validate.html
http://www.spfwizard.net/

As always, MailGuard’s Support team is available 24/7 to answer questions about SPF Records (or any other feature).   

To contact the service desk:  

Australia: 1300 306 510  
United States: 888 848 2822 
United Kingdom: 0 800 404 8993 
Email: support@mailguard.com.au  

If there’s a feature you’d like us to deep-dive into next month, let us know at marketing@mailguard.com.au  
Privacy Terms & Conditions
 

Free eBook Download

Download the free executive guide to Surviving the Rise of Cybercrime, by MailGuard CEO and founder Craig McDonald.

eBook eBook
eBook