To protect your customers, your brand, and your business from phishing and spoofing attacks, you must authenticate your email. SPF (Sender Policy Framework) is an authentication protocol that allows senders to specify which IP addresses are authorized to send email on behalf of a particular domain.
An SPF-protected domain is less attractive to fraudsters and is therefore less likely to be blacklisted by spam filters. SPF also ensures that legitimate email from the domain is delivered.
Ready to create your SPF record? Follow these five simple steps.
Step 1: Gather IP addresses that are used to send email
The first step to implement SPF is to identify which mail servers you use to send email from your domain. Many organizations send mail from a variety of places. Make a list of all your mail servers, and be sure to consider whether any of the following is used to send email on behalf of your brand:
Step 2: Make a list of your sending domains
Chances are, your company owns many domains. Some of these domains are used to send email. Others are not.
It is important to create SPF records for all the domains you control, even the ones you’re not mailing from. Why? Because once you have protected your sending domains with SPF, the first thing a criminal will do is try to spoof your non-sending domains.
Step 3: Create your SPF record
SPF authenticates a sender’s identity by comparing the sending mail server’s IP address to the list of authorized sending IP addresses published by the sender in the DNS record. Here’s how to create your SPF record:
Congratulations! You’ve created your SPF record. Now, it’s time to publish it.
Step 4: Publish your SPF to DNS
Work with your DNS server administrator to publish your SPF record to DNS, so mailbox providers can reference it.
If you’re using a hosting provider such as 123-reg or GoDaddy, then this process is fairly simple. If your DNS records are administered by your ISP or if you aren’t sure, then contact your IT department for support. Email service providers typically publish SPF records for sending domains on your behalf.
Step 5: Test!|
Test your SPF record with Return Path’s SPF check tool. You will be able to see what recipients see: a list of the servers authorized to send email on behalf of your sending domain. If one or more of your legitimate sending IP addresses is not listed, then you can update your record to include it.
Want more email authentication tips like these? Subscribe to our blog.
Amy Gorrell is a Strategic Project Manager for Return Path's Email Fraud Protection team. Amy works with some of our top-tier clients to help eliminate the impact of email fraud. When she's not fighting cyber crime you can find her enjoying the many outdoor activities Colorado has to offer. You can connect with Amy on LinkedIn @Amy Gorrell or follow her on Twitter @amy_gorrell.
Enter your name and email address below to subscribe to our mailing list.