May 14, 2021

SPF for all!


The call goes out: SPF for all! Did you know that you can limit the possibility of emails being spoofed from your addresses and domains, for free? By adding a Sender Policy Framework (SPF) record to your DNS, you specify which IP addresses and servers are allowed to send emails in your name.

A simple idea

The idea is very simple: by specifying which servers and IP addresses are allowed to send email from your domain, you give the recipient an opportunity to check whether email from your domain really comes from a server or IP address that you have authorized as a sender in your DNS. Most major email services perform this check on all incoming email.

An SPF record might look something like this:

"v=spf1 ip4:192.168.0.1/16 -all"

The above SPF record specifies that email from the domain (the one where the SPF record is published) may be sent from any IP address between 192.168.0.1 and 192.168.255.255.

The SPF record for the domain nimblr.net looks like this:

"v=spf1 include:_spf.google.com include:sendgrid.net -all"

The above SPF record allows Google's servers and the SendGrid email service to send emails with our domain name as the sender. By ending with "-all", we tell recipients who check our SPF record that emails from servers other than those specified should be put in the spam folder or rejected.
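The check a receiving server runs against records like the two above can be sketched as follows. This is an added example, not code from Nimblr or the SPF project: it handles only the `ip4`, `include` and `all` mechanisms, the domain `example.test` is hypothetical, and the contents of the two include targets are constructed stand-ins so the code runs offline.

```python
import ipaddress

# Constructed TXT data so the example runs offline. The two top-level records
# are the ones quoted in the article; the include targets are stand-ins using
# documentation address ranges, NOT the real contents of those zones.
TXT = {
    "example.test": "v=spf1 ip4:192.168.0.1/16 -all",
    "nimblr.net": "v=spf1 include:_spf.google.com include:sendgrid.net -all",
    "_spf.google.com": "v=spf1 ip4:192.0.2.0/24 ~all",
    "sendgrid.net": "v=spf1 ip4:198.51.100.0/24 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 limit on DNS-querying mechanisms per check


def check_host(ip, domain, txt=TXT, _count=None):
    """Return the SPF result for a sending IP and a sender domain."""
    count = _count if _count is not None else [0]
    terms = txt.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # the domain publishes no SPF record
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:  # mechanisms are evaluated left to right
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            # strict=False accepts host bits, as in 192.168.0.1/16
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            count[0] += 1
            if count[0] > MAX_LOOKUPS:
                return "permerror"
            inner = check_host(ip, arg, txt, count)
            if inner in ("none", "permerror"):
                return "permerror"
            # Only an inner "pass" matches; the inner "~all" does not leak out.
            matched = inner == "pass"
        else:
            raise NotImplementedError(f"{name!r} is outside this example")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term
```

A sender that is not covered by either include gets `fail` from the outer `-all`, even though the included records themselves end in the softer `~all`.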

Read more about SPF, its syntax and the project here: www.open-spf.org

There are ways to bypass SPF checks, but if all domains had an SPF record it would be much more difficult to spoof emails, so what are you waiting for?
