---
title: "Prevent Spoofing And Phishing By Studying An SPF Record Example | DuoCircle"
description: "Join the thousands of organizations that use DuoCircle Find out how affordable it is for your organization today and be pleasantly surprised.Interested in"
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/content/sender-policy-framework/spf-record-example/"
---

Content 

#  Prevent Spoofing And Phishing By Studying An SPF Record Example 

 Join the thousands of organizations that use DuoCircle Find out how affordable it is for your organization today and be pleasantly surprised.Interested in 

[ Talk to an Expert → ](/contact/) [ See what we make ](/products/) 

## Prevent Spoofing And Phishing By Studying An SPF Record Example

[Fix Your SPF Errors Now](/email/spf-record-check)

[Sender Policy Framework](/content/sender-policy-framework) (SPF) is an email authentication method that helps organizations **prevent phishing** and spoofing attacks. When an SPF record has been set up for a particular address, the receiving server matches the sender’s IP address to registered authorized IP addresses for that domain. If these IP addresses do not match, _then the receiving server takes action against the email according to predetermined rules_.

![sender policy framework](https://media.mailhop.org/duocircle/images/2020/11/domain-spf-record.png) 

### How the Sender Policy Framework Prevents Email Spoofing

_Adversaries spoof emails by forging the sender addresses of legitimate organizations and users_. The core protocols behind email do not possess any authentication mechanisms for preventing this. Attackers can, thus, easily spoof emails.

When an **SMTP email** is sent, two pieces of information about the address are provided by the initial connection:

#### MAIL FROM

No checks are done to see whether a sender is authorized to send an email from an address. It is generally shown to the recipient as “Return-path: header,” however it is usually not visible.

#### RCPT TO

RCPT TO specifies the recipient email address and may be present in the received header.

By default, _the sending system does not carry out checks on whether a sender is authorized to send emails on behalf of that address_. Spoofers can thus forge an email address. However, **SPF can prevent** this. With SPF, domain owners create an SPF record and publish it in the DNS. The [SPF record](/content/sender-policy-framework/spf-record) contains the IP addresses that are allowed to send email addresses from that server or domain.

Whenever an email is sent, the recipient email server checks if an **SPF record** is available with the sender. If available, then the sender’s IP address is verified against that of the owner of the email domain. If the IP address in the SPF records and the sent IP address matches, the email message is delivered to the inbox. Action is taken against it otherwise.

### Understanding SPF Record Syntax by Considering Examples

Consider a case with the following SPF Record Example where an **email Failed Authentication**:

`“v=spf1 ip4:152.163.0.1 ip4:191.162.0.1 include:spf.protection.outlook.com -all”`

Here is [SPF record syntax](/content/sender-policy-framework/spf-record-syntax),

- v=spf1 defines the TXT record as an **SPF record**.
- ip4 shows that IP version 4 addresses are being used.
- The IP addresses are added to the [SPF TXT records](https://docs.rackspace.com/support/how-to/create-an-spf-txt-record/) and are often the addresses of outbound mail servers.
- The domain name is the domain of the legitimate sender.
- Enforcement rules are hard fails (-all), soft fails (\~all), or neutral (?all). _A Hard fail prevents emails from getting delivered_, but other rules deliver them.

If an email comes from any address other than ip4:152.163.0.1 ip4:191.162.0.1, say ip4:177.153.0.5, it would undergo a hard fail.

![spf record](https://media.mailhop.org/duocircle/images/2020/11/sfp-checker.png)![spf record example](https://media.mailhop.org/duocircle/images/2020/11/domain-spf.png)

### How To Prevent Errors With SPF Record?

_Checking an SPF record before implementation helps prevent issues while updating them_. To test and validate an **SPF record**, users can make use of several online tools. These tools will not only validate a record but will also highlight all issues with it. For example, these tools can help remedy common errors such as “550 [rejecting for sender policy framework](/content/sender-policy-framework/rejecting-for-sender-policy-framework).”

_SPF prevents all illegitimate email messages sent from unauthorized sources_. It is a practical yet simple to implement technology, and anyone can look up [how to create SPF records](/content/sender-policy-framework/how-to-create-spf-record) online quickly if they face any issues. Popular domain managers such as GoDaddy are also compatible with widely used office suites such as [Office 365](https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/how-office-365-uses-spf-to-prevent-spoofing?view=o365-worldwide), making it easier to set up [sender policy framework – Office 365](/content/sender-policy-framework/sender-policy-framework-office-365).

##### Join the thousands of organizations that use DuoCircle

---

Find out how affordable it is for your organization today and be pleasantly surprised.

[Auto SPF - Sign Up FREE](/email/spf-record-check)Interested in our Partner Program for MSPs and VARs? Visit Our [MSP Partner Program](/msp-partner-program).

## Ready to talk?

Same-day response from someone technical. We tell you yes or no quickly. If yes, we get to work.

[Talk to an Expert→](/contact/)[See what we make](/products/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"WebPage","name":"Prevent Spoofing And Phishing By Studying An SPF Record Example","description":"Join the thousands of organizations that use DuoCircle Find out how affordable it is for your organization today and be pleasantly surprised.Interested in ","url":"https://www.duocircle.com/content/sender-policy-framework/spf-record-example/","speakable":{"@type":"SpeakableSpecification","cssSelector":[".page-answer",".duo-rich-text p:first-of-type"]},"dateModified":"2023-08-08T14:05:25.000Z","datePublished":"2020-11-23T22:28:14.000Z"},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"DuoCircle","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Prevent Spoofing And Phishing By Studying An SPF Record Example","item":"https://www.duocircle.com/content/sender-policy-framework/spf-record-example/"}]}]
```