We live in a software-as-a-service (SaaS) world. It’s great being able to pay a monthly fee and have some other companies handle your organization’s services for you. There are all kinds of companies that provide SaaS services.
There are companies that take care of
- customer service (e.g., Zendesk),
- marketing campaigns (e.g., SendGrid)
- customer relationship management (e.g., Salesforce)
- company benefits (e.g., Zenefits) and
- even payroll (e.g., Workday).
And the one thing all these service providers have in common is they send out emails to your customers and employees on your behalf. Generally speaking, that’s a good thing, but it does come with a big drawback most people aren’t even aware of.
To prevent email spoofing, your company will want to use an email authentication technique called Sender Policy Framework or SPF. This protects your customers and employees by ensuring they only receive emails from service providers you approve.
Now, you don’t typically know the IP addresses of the email servers your service providers use to send out emails, and they often use more than one. But, you do know their domains (e.g., sendgrid.com, salesforce.com) and so that’s what you’ll put in your SPF record to protect your customers and employees. You only want them receiving emails from those companies’ domains. And that’s where the trouble begins.
SPF authentication only deals with IP addresses, not domains.
So, when you enter the domain of one of your service providers, you’re forcing the SPF authentication process to look up those IP addresses in the domain name system (DNS). But, the DNS has a strict limit of 10 lookups and that’s a problem.
Once the DNS lookup limit is reached, the process will no longer convert domains to IP addresses. That means either your customers/employees are getting unauthenticated emails, or worse, not getting them at all. And what makes it even worse is you’ll never know about it because SPF has no error handling capability.
One of the ways you could try to address the problem is by figuring out all of your service providers’ IP addresses and putting them in the SPF record instead of the domains to reduce the number of DNS lookups to less than ten. This technique is called “SPF flattening.” The problem with this approach is that the IP addresses used by your service providers to send out email changes all the time, and they’re not going to go out of their way to let you know about it.
To do it right, manually flattening your SPF record requires that you constantly monitor your service providers for changes in their IP addresses. What you need is a way to do that automatically, hands-off, with no intervention from you. And that’s where AutoSPF comes in.
With AutoSPF you just point your SPF record to the AutoSPF server and AutoSPF takes care of the rest. AutoSPF always returns a flattened SPF record to public DNS queries. It checks for changes in IP addresses of your service providers every couple of minutes so you don’t have to.
Adding SPF flattening with AutoSPF is fast, easy and affordable. There are no sales calls, no contracts and you’re up and running in ten minutes. And AutoSPF works with all 3rd party email service providers. It will improve your email security services. What are you waiting for? Try AutoSPF risk-free for 30 days. Your customers and your employees will be glad you did.