Sender Policy Framework (SPF) is an anti-spam mechanism that lets receiving mail servers authenticate the domain an email claims to come from. SPF works hand-in-hand with DKIM and DMARC to authenticate email messages and reduce the chance of malicious emails reaching user inboxes.
SPF allows domain administrators to declare which IP addresses are authorized to send email on their domain's behalf. Administrators of a domain using SPF publish attributes that describe their email environment, including the authorized senders. This description is the 'SPF record', published as a TXT record in the domain's Domain Name System (DNS) zone. When a message arrives, the receiving mail server looks up the SPF record for the sender's domain and checks whether the IP address that delivered the message is among the authorized senders. If it is, the sender is treated as authentic and the email is delivered normally. If a message fails SPF authentication, most ISPs will lower the sender's reputation score and route the email to the spam or junk folder; some may block the email entirely.
Additional Reading: Setting Up DMARC and DKIM – CyberHoot
What does this mean for an SMB?
- Set up SPF, DKIM, and DMARC records to block the receipt of emails masquerading as your domain name.
- Train your employees on how to spot, avoid, and delete phishing attacks.
- Test your employees with Phish Testing attacks; re-train those that fail in your tests.
- Purchase a Password Manager and train your employees on how to use it. If you visit a phishing website and try to enter your credentials with a Password Manager, it will NOT fill them in, because the phishing site's domain does not match the one saved for the real site.