Here’s How To Create SPF Record And Secure Emails From Spoofing

One of the best methods to safeguard one’s customers, brand, and business from phishing and spoofing attacks is to deploy SPF records. SPF records are a standard technique to authenticate emails, which one can quickly implement if one knows how to create SPF records.

SPF (Sender Policy Framework) is an email authentication protocol. An SPF record contains the list of all authorized IP addresses allowed to send emails on behalf of a particular domain. It means only legitimate emails can be delivered from that domain, and it will be less likely that the email gets blacklisted by spam filters. The explanation below shows how one can create SPF records by following a few simple steps.

Step 1: Gather The Authorized IP Addresses

The first step in creating an SPF record is identifying the mail servers one wants to authorize to send emails from one’s domain. Most organizations use multiple servers to send emails. Make a list of all those mailing servers used to send emails on behalf of the organization, including:

  • Web servers
  • Mail server of the Internet Service Provider (ISP)
  • In-office mail server, like Microsoft Exchange
  • Mailing server of the end user’s mail service provider
  • Any other third-party mailing servers used to send emails

Step 2: Create A List Of All Relevant Domains

Many organizations use multiple domains. Some are used to send emails, while others are not. It is vital to create SPF records for all the domains one owns, including the ones not used to send emails. If only the email-sending ones are secured using SPF, the adversaries will try to spoof the non-mailing ones. Hence, the protection of all of them is necessary.

Step 3: Create The SPF Record

SPF authentication works by checking the sending server’s identity against the list of authorized IP addresses that have been published in the DNS record. One can go through the following simple steps to create an SPF record:

  • Start creating the record by specifying the SPF version in the form of the v=spf1 (version 1) tag.
  • Now, add the list of authorized mailing IP addresses. Here is an SPF record example for better understanding:

v=spf1 ip4:34.243.61.273 ip6:2a45:d021:e4:8c02:bb61:dae9:9b93:941e
(Always use proper SPF record syntax while creating an SPF record.)

  • If there is also a third-party mailing server in use, add an “include” tag to the SPF record (example: include:thirdparty.com) to designate the third party as an authorized sender.
  • Once all the authorized IP addresses and third-party servers are added, it is time to end the record with an ~all or -all tag. The ‘all’ tag is a crucial element of the SPF record as it specifies which policy should be put into action when an unauthorized server is detected. How the ‘all’ tag is used will define how strictly the unauthorized email will be treated. While ‘~all’ is the indicator of a soft fail, ‘-all’ means a hard fail.
  • Note that an SPF record cannot have more than 255 characters, and it cannot include over 10 ‘include’ tags or a total of 10 lookups.
  • After defining the SPF record correctly, the record will look something like this:

v=spf1 ip4:34.243.61.273 ip6:2a45:d021:e4:8c02:bb61:dae9:9b93:941e include:thirdparty.com -all

  • For non-mailing domains, one can create an SPF record like this:
    v=spf1 -all
  • The SPF record is now ready, and it’s time to publish it.

Step 4: Publish The SPF Record Into The DNS

Now that the SPF record is ready, publishing it in the DNS is the next step. One can do it with the help of the DNS server administrator. Once it is published, mailbox providers will be able to refer to it.

Step 5: Test The SPF Record

The final step is testing the SPF record and validating it using an SPF record checker.
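
As an added example (not part of the original article and not any vendor's checker), the Python function below runs offline syntax checks on a record before it is published: the v=spf1 tag, valid ip4/ip6 addresses, the 255-character and 10-lookup limits, the closing 'all' tag, and typographic dashes pasted in place of '-'. The sample records are constructed from documentation address ranges and a hypothetical include domain, and lookups made inside included records are not counted because no DNS queries are sent.

```python
import ipaddress
import re

# Terms that each cost one DNS lookup (RFC 7208, section 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
KNOWN_TERMS = LOOKUP_TERMS | {"ip4", "ip6", "all", "exp"}

def lint_spf(record):
    """Return a list of problems in one SPF record string (offline, no DNS queries)."""
    problems = []
    if len(record) > 255:
        problems.append("record exceeds 255 characters")
    if not record.isascii():
        problems.append("non-ASCII character, often a typographic dash instead of '-'")
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return problems + ["record must start with v=spf1"]
    lookups, all_seen = 0, False
    for term in terms[1:]:
        body = term[1:] if term[0] in "+-~?" else term  # drop the qualifier
        name, *rest = re.split(r"[:=/]", body.lower(), maxsplit=1)
        if name not in KNOWN_TERMS:
            problems.append(f"unknown term '{term}'")
        elif name in ("ip4", "ip6"):
            cls = ipaddress.IPv4Network if name == "ip4" else ipaddress.IPv6Network
            try:
                cls("".join(rest), strict=False)  # accepts a single address or a CIDR range
            except ValueError:
                problems.append(f"invalid address in '{term}'")
        elif name in LOOKUP_TERMS:
            lookups += 1  # lookups inside included records are not visible offline
        elif name == "all":
            all_seen = True
            if term[0] not in "-~":
                problems.append("'all' should carry '-' (hard fail) or '~' (soft fail)")
    if lookups > 10:
        problems.append(f"{lookups} DNS-lookup terms, limit is 10")
    if not all_seen and not any(t.lower().startswith("redirect=") for t in terms):
        problems.append("no 'all' term in the record")
    return problems

# Constructed samples: documentation address ranges, hypothetical include domain.
SAMPLES = [
    "v=spf1 ip4:192.0.2.10 ip6:2001:db8::25 include:thirdparty.example -all",
    "v=spf1 ip4:192.0.2.273 -all",      # octet above 255
    "v=spf1 ip4:192.0.2.10 \u2013all",  # en dash instead of '-'
]
if __name__ == "__main__":
    print("\n".join(f"{r!r} -> {lint_spf(r) or 'OK'}" for r in SAMPLES))
```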

Final Words

Knowing how to create SPF records is essential if one wants to deploy SPF for email security. An SPF record is a powerful tool that can improve email deliverability and prevent any malicious emails from being sent on behalf of a particular domain.
