Search Close
Email Security Blog

SPF: What’s it all about? And why should I care?

Danielle Tristao May 6th, 2014 How Email Works
Fallback Featured Image

Let’s say you have a very popular store. Your customers love receiving coupons and communications from you by email. Then a spammer sees your email address as a great opportunity to take someone’s personal information. They send an email claiming to be you, requesting updated credit card information from your customers. Now your customers are calling in, upset that their information was compromised, and they think it’s your fault. Once word gets out, no one feels confident opening your email communications. How are they to know it’s really you?

It really doesn’t seem fair, does it? You didn’t mean for this to happen. Now you are seeing fewer people opening & clicking your communications – your brand is compromised.

Why are these spammers able to do this? Well, when email was created to make communication easier on the Internet they unfortunately didn’t include rules to stop people from pretending to be someone else. Luckily for us, SPF (Sender Policy Framework) has come along to put a stop to their shenanigans!

SPF is an authentication method that you can implement in your DNS. You list out the IPs that are allowed to send email on your company’s behalf. When an email is sent to a recipient from one of those approved IPs, the mail server receiving the message sees that it’s from a legitimate sender and continues on with the rest of their scanning. However, if an email is sent from an IP that is not listed in your SPF record, someone who is not authorized to send on your domain’s behalf, then the receiver can reject it. Your customer doesn’t receive it. Your reputation and brand stays intact. SPF saves the day – and your brand!

Learn more about SPF, DKIM & DMARC here 

Leave a Reply

Your email will not be published. All fields are required.

February 20, 2018 Jacob Rideout

Strengthen DKIM Signatures with DCRUP

February 15, 2018 Markus Jakobsson

How SMS 2FA Might Leave You Vulnerable to Email Account Takeover

February 13, 2018 Jacob Rideout

The Arrival of ARC

July 24, 2017 Markus Jakobsson

The Threat Taxonomy: A Working Framework to Describe Cyber Attacks

September 28, 2016 Gabriel Ortiz

Software Ate My Infrastructure: 2 Years on AWS with Ansible, Terraform and Packer - Part 2

mobile image