Email Security Blog

SPF: What’s it all about? And why should I care?

Danielle Tristao May 6, 2014 How Email Works
Fallback Featured Image

Let’s say you have a very popular store. Your customers love receiving coupons and communications from you by email. Then a spammer sees your email address as a great opportunity to take someone’s personal information. They send an email claiming to be you, requesting updated credit card information from your customers. Now your customers are calling in, upset that their information was compromised, and they think it’s your fault. Once word gets out, no one feels confident opening your email communications. How are they to know it’s really you?

It really doesn’t seem fair, does it? You didn’t mean for this to happen. Now you are seeing fewer people opening & clicking your communications – your brand is compromised.

Why are these spammers able to do this? Well, when email was created to make communication easier on the Internet they unfortunately didn’t include rules to stop people from pretending to be someone else. Luckily for us, SPF (Sender Policy Framework) has come along to put a stop to their shenanigans!

SPF is an authentication method that you can implement in your DNS. You list out the IPs that are allowed to send email on your company’s behalf. When an email is sent to a recipient from one of those approved IPs, the mail server receiving the message sees that it’s from a legitimate sender and continues on with the rest of their scanning. However, if an email is sent from an IP that is not listed in your SPF record, someone who is not authorized to send on your domain’s behalf, then the receiver can reject it. Your customer doesn’t receive it. Your reputation and brand stays intact. SPF saves the day – and your brand!

Learn more about SPF, DKIM & DMARC here 

Leave a Reply

Your email will not be published. All fields are required.

Agari Blog Image

February 20, 2018 Jacob Rideout

Strengthen DKIM Signatures with DCRUP

In this final post of the DMARC series we’ll discuss the latest crypto updates to…

2 factor authentication

February 15, 2018 Markus Jakobsson

How SMS 2FA Might Leave You Vulnerable to Email Account Takeover

One of the biggest challenges for a security strategy is making it accessible and understandable…

Agari Blog Image

February 13, 2018 Jacob Rideout

The Arrival of ARC

As we mentioned in the first post of this series, with the arrival of ARC,…

Spear Phishing

July 24, 2017 Markus Jakobsson

The Threat Taxonomy: A Working Framework to Describe Cyber Attacks

Imagine going to the doctor and only being able to say “pain” or “sick”. You…

Agari Blog Image

September 28, 2016 Gabriel Ortiz

Software Ate My Infrastructure: 2 Years on AWS with Ansible, Terraform and Packer - Part 2

Agari has made significant investment into infrastructure as code. Almost two years into this project,…

mobile image