Email Security – What is SPF, why is it important and why should you use it?

In the first of a series of blog posts about email security and deliverability, I set out to explain what SPF is and why you should use it.

SPF stands for Sender Policy Framework. Whilst that might sound very technical, it is actually a very simple validation system that was introduced to detect email spoofing. SPF provides a mechanism that allows the receiving mail server to check whether incoming mail claiming to be from a domain is coming from a mail server authorised to send mail on behalf of that domain.

For example, my mail server receives an email claiming to be from your company, but the email was sent via BT Internet's email server. My mail server checks your company's publicly published SPF record and finds that BT Internet's mail server is not authorised to send mail on behalf of your company, so my mail server should either reject the message or treat it with suspicion.

Similarly, suppose my mail server receives an email claiming to be from your company and the email was sent via a Google for Work email server. My mail server checks your company's publicly published SPF record and finds that Google's SPF record is referenced in it because you are a Google for Work customer. My mail server will then treat your message as genuine, continue to scan it in the normal way, and consider it more positively in the overall spam filtering process.

The list of authorised sending mail servers for a domain is published in the publicly accessible Domain Name System (DNS) records for your domain, in the form of a specially formatted TXT record. For example, the Ramsay.IT SPF record is:

v=spf1 a include:_spf.google.com include:autotask.net include:spf1.mcsv.net include:_spf.freeagent.com include:spf.mandrillapp.com -all

You can find out more about how to create and manage your SPF records here: http://www.openspf.org/

Essentially the receiving mail server checks the identity of the server sending it mail against the SPF record and returns one of the following results:

  • Pass: the SPF record designates the sending mail server as allowed to send mail => accept the message
  • Fail: the SPF record designates the sending mail server as NOT allowed to send => reject the message
  • SoftFail: the SPF record designates the sending mail server as NOT allowed to send, but the domain is in transition => accept the message but mark it as spam
  • Neutral: the SPF record states explicitly that nothing can be said about validity => accept the message
  • None: the domain does not have an SPF record => accept the message
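To show how a receiving server actually turns a record like the Ramsay.IT one above into one of these results, here is an added worked example (not code from the original post or from Welgo): a small Python evaluator for a subset of RFC 7208 covering the a, ip4, ip6 and include mechanisms and the four qualifiers on "all". It runs against a constructed, offline DNS table (the domains and addresses are reserved test values, not real records), and it also demonstrates the 10-DNS-lookup limit, which is the usual way a record with many include: entries breaks: exceeding it yields a PermError, a result the RFC defines alongside the five listed above. In a real receiver the domain checked is the envelope sender (MAIL FROM / Return-Path), not the header From.

```python
"""Minimal SPF evaluator (RFC 7208 subset) over a constructed, offline DNS table.

Implements a, ip4, ip6, include and "all" with the +, -, ~ and ? qualifiers and
the 10-lookup limit. mx, exists, ptr, CIDR suffixes on "a" and redirect= are
left out; use a complete library such as pyspf for production checks.
"""
import ipaddress

# Constructed DNS data standing in for real lookups (reserved example names
# and RFC 5737 test ranges; none of these are real records).
FAKE_DNS = {
    "txt": {
        "example.com": "v=spf1 a include:_spf.mailhost.example ip4:203.0.113.0/24 -all",
        "_spf.mailhost.example": "v=spf1 ip4:198.51.100.0/24 ~all",
        "softfail.example": "v=spf1 ip4:192.0.2.1 ~all",
        "neutral.example": "v=spf1 ?all",
        "loop.example": "v=spf1 include:loop.example -all",
    },
    "a": {"example.com": ["192.0.2.10"]},
}

MAX_DNS_LOOKUPS = 10  # RFC 7208 section 4.6.4 limit on DNS-querying mechanisms
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Receiver action for each result, as described in the post above.
RECEIVER_ACTION = {
    "pass": "accept",
    "fail": "reject",
    "softfail": "accept but mark as spam",
    "neutral": "accept",
    "none": "accept",
    "permerror": "record unusable; apply local policy",
}


def check_spf(client_ip, domain, dns=FAKE_DNS, _lookups=None):
    """Evaluate `domain`'s SPF record for an SMTP client at `client_ip`.

    `domain` is the envelope sender (MAIL FROM) domain; SPF never reads the
    header From. Returns pass, fail, softfail, neutral, none or permerror.
    """
    if _lookups is None:
        _lookups = {"count": 0}  # shared across recursive include: evaluations
    addr = ipaddress.ip_address(client_ip)

    record = dns["txt"].get(domain)
    if record is None or not record.lower().startswith("v=spf1"):
        return "none"

    for term in record.split()[1:]:
        qualifier = "+"  # an unprefixed mechanism means "pass on match"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if "=" in name:
            continue  # modifiers (exp=, redirect=) are ignored in this subset

        matched = False
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            # ipaddress membership across address families is always False.
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            _lookups["count"] += 1
            if _lookups["count"] > MAX_DNS_LOOKUPS:
                return "permerror"
            hosts = dns["a"].get(arg or domain, [])
            matched = any(addr == ipaddress.ip_address(h) for h in hosts)
        elif name == "include":
            _lookups["count"] += 1
            if _lookups["count"] > MAX_DNS_LOOKUPS:
                return "permerror"
            sub = check_spf(client_ip, arg, dns, _lookups)
            if sub == "pass":
                matched = True  # an include only matches on a pass
            elif sub in ("none", "permerror"):
                return "permerror"  # RFC 7208 section 5.2
            # fail/softfail/neutral from the include: no match, keep going
        else:
            return "permerror"  # unknown mechanism

        if matched:
            return QUALIFIERS[qualifier]

    return "neutral"  # nothing matched and there was no "all" term


def evaluate_examples():
    """Run the constructed cases; returns {(ip, domain): (result, action)}."""
    cases = [
        ("192.0.2.10", "example.com"),    # listed via the "a" mechanism
        ("198.51.100.7", "example.com"),  # authorised through include:
        ("203.0.113.9", "example.com"),   # direct ip4: range
        ("10.0.0.1", "example.com"),      # nothing matches, -all applies
        ("10.0.0.1", "softfail.example"),
        ("10.0.0.1", "neutral.example"),
        ("10.0.0.1", "no-record.example"),
        ("10.0.0.1", "loop.example"),     # self-include exceeds the lookup limit
    ]
    results = {}
    for ip, domain in cases:
        result = check_spf(ip, domain)
        results[(ip, domain)] = (result, RECEIVER_ACTION[result])
    return results


if __name__ == "__main__":
    for (ip, domain), (result, action) in evaluate_examples().items():
        print(f"{ip:>14} claiming {domain:<20} -> {result:<9} ({action})")
```

The loop.example case is the practical caveat: every include: (and every a or mx) counts towards the limit, and the includes of the providers you reference count too, so a record that lists several third-party senders can quietly exceed ten lookups and evaluate as PermError at receivers that enforce the limit.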

Why use SPF?

Spam and phishing emails very often contain forged "from" addresses. By publishing and checking SPF records you help ensure that these forged emails are not delivered and that they do not harm the reputation of your domain. If a user receives spam that claims to be from your domain and reports it via a spam reporting system, this counts against your domain's reputation. Your domain's reputation with a number of spam filtering systems will, of course, affect the chances of your genuine email being considered spam.

By publishing an SPF record you also allow the receiving mail system to verify that the mail is genuine, increasing the odds that the email will pass that recipient's spam filtering system. This is what we call "increased deliverability".

If you are a Welgo customer or a Welgo Google for Work customer, we will have created an SPF record for you. If you have any questions about that record, please call the Welgo helpline on 0131 667 0195 or raise a support request via the Welgo Support Portal.

If you are not already a Welgo customer, please call us and one of the team will be happy to arrange an appointment to discuss how Welgo can help you with your business IT needs.