Sender Policy Framework (SPF)

Sender Policy Framework (SPF) is an anti-spam tool that lets the domains of email senders be authenticated. SPF works hand-in-hand with DKIM and DMARC to authenticate email messages and reduce the chance of malicious emails reaching user inboxes.

SPF allows domain administrators to declare which IP addresses are authorized to send email on their behalf. Administrators of a domain using SPF publish attributes that describe their email environment, including the authorized senders. This description is the ‘SPF record’, which is published in the domain's Domain Name System (DNS) records. An SPF client application looks up the SPF record for the sending domain and uses it to determine whether a message is authentic or spoofed. If the sender matches the record, the message is treated as authentic rather than malicious and is delivered normally. If a message fails SPF authentication, most ISPs will give the sender a poor reputation score and route the email to the spam or junk folder; some may block the email entirely.
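As an added example (not from the original page), the lookup-and-check described above as a minimal offline SPF evaluator in Python: a constructed stand-in for DNS TXT records, a function that picks out the one SPF record for a domain, and an evaluator for the ip4, ip6 and all mechanisms. Real SPF evaluation (RFC 7208) also resolves include, a, mx and exists through live DNS; those are deliberately left out so the code runs offline, and all IP ranges are documentation addresses constructed for the example.

```python
import ipaddress

# Qualifier prefixes defined for SPF mechanisms and the result each maps to.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed stand-in for DNS TXT lookups: domain -> list of TXT strings.
FAKE_DNS_TXT = {
    "example.com": ["site-verification=placeholder",
                    "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"],
    "example.net": ["v=spf1 ip4:198.51.100.0/24 ~all"],
}


def find_spf_record(domain, txt_records=FAKE_DNS_TXT):
    """Return the domain's single SPF record, or None if there is not exactly one."""
    spf = [r for r in txt_records.get(domain.lower(), [])
           if r.lower().startswith("v=spf1")]
    return spf[0] if len(spf) == 1 else None  # zero or several records are unusable


def evaluate_spf(record, sender_ip):
    """Walk the record's mechanisms left to right and return the first match."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism with no prefix defaults to pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]  # catch-all: usually -all or ~all
        if name in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed address or prefix
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qualifier]
            continue
        raise NotImplementedError(f"{name} needs DNS; not supported in this example")
    return "neutral"  # nothing matched and the record has no 'all' term


def check_sender(domain, sender_ip, txt_records=FAKE_DNS_TXT):
    """Receiver-side check: find the sending domain's SPF record and evaluate it."""
    record = find_spf_record(domain, txt_records)
    return "none" if record is None else evaluate_spf(record, sender_ip)
```

A result of "fail" or "softfail" is what leads receivers to junk or reject a message, as the paragraph above describes.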

Source: TechTarget, Postmark

Additional Reading: Setting Up DMARC and DKIM – CyberHoot

Related Terms: DMARC, DKIM

What does this mean for an SMB?

SMBs should have SPF protection in place. However, SPF protection alone is not enough. SPF relies on the Reply-To field of a message but does not reject messages based on a spoofed “Sender” field. Thus a hacker can get messages that appear to come from Amazon.com, carrying a legitimate but wrong “Reply-To” field, into inboxes to fool users into clicking.
 
That’s why most email and DNS administrators combine SPF with DKIM and DMARC records. DMARC and DKIM help keep malware and phishing attacks from landing in user inboxes, because they were designed to validate the “Sender” domain against who is allowed to send messages for that domain and to quarantine or reject those messages automatically. When combined, SPF, DMARC, and DKIM are powerful tools in your email security arsenal.
 
Here are actions you should take to improve email security and reduce the chances of you or your customers falling victim to a phishing attack:
  1. Set up SPF, DKIM, and DMARC records to block the receipt of emails masquerading as your domain name.
  2. Train your employees on how to spot, avoid, and delete phishing attacks.
  3. Test your employees with phish testing attacks; re-train those who fail your tests.
  4. Purchase a Password Manager and train your employees on how to use it. If you visit a phishing website and try to enter your password credentials using a Password Manager, you will NOT be able to.
