5 min read
Supporting Virginia’s Veterans: Our V3 Certification
Every year, thousands of Veterans transition from military service to civilian careers in Virginia, bringing invaluable skills and experiences to...
Are you the youngest person in the office, and as such, you’re the de facto IT Director? Did you nod enthusiastically when your CFO asked if you could set up a new business email service for your company, only to be met with a much more involved process than you were expecting?
In this blog, you’ll get the 101 explanation of what an SPF record is, why they’re important, and what you need to do to implement them for your business email provider. After reading, you’ll be ready to implement your own SPF record for your office’s email service.
A Sender Policy Framework (SPF) record is unique to your company, and is used to verify IP addresses associated with your company’s email domain.
Without an SPF record, there’s no way for an email to prove that it was actually sent from an IP address that belongs to that domain — and so, if your email provider doesn’t have one, your emails may be considered unverified, and may be blocked by most spam filters.
It’s for precisely this reason that virtually every business makes use of an SPF record.
Having an SPF record in place does more than simply get your emails around spam filters — it prevents email clients from displaying warning messages about potential phishing scams when a user attempts to open one of your organization’s emails, and as such, dissuades bad actors from spoofing your domain name for their own phishing emails.
All in all, an SPF record is imperative for any business today.
An SPF record is simply a TXT record that includes your domain name, and all IP addresses associated with that domain, and that have permission to send emails using your domain name.
When you send an email from a domain with an SPF record, the mail server that receives the email will read the TXT record, and cross-reference the sender’s IP address against the IP addresses listed in the record. If it doesn’t match, the email will fail, and most likely be directed to their spam inbox.
A simple SPF record could look like this:
v=spf1 ip4:48.213.51.127 ip6:2a05:d018:e3:8c00:bb71:dea8:8b83:851e include:authorized-domain.com -all
Here’s what all that means:
Now that you know what an SPF record is, and the components that make it work, it’s time to make your own!
Step one: head on over to your DNS host. This is often the service you used to purchase your domain name, and hosts your organization’s website. Even if you built your website using a service like SquareSpace, Wix, or HubSpot, you’ll still need to do this through your actual DNS hosting provider. Sometimes, this would be something like GoDaddy or name.com.
Once you’ve accessed your DNS provider, you’ll need to head to your dashboard. Here, there will be an option to create an SPF record. To do so, go to the field where you can select which type of record to create. Your usual options will be “A Record,” “CNAME Record,” “MX Record,” and finally, “TXT Record.”
Choose TXT, and then begin creating your SPF record using the components listed above. If you’re wondering if you’re doing this correctly, your email provider will usually provide you with a string of text to copy and paste into the field you use to create your SPF Record. This can usually be found where your DNS information is kept.
After filling in the fields, make sure to save your changes. Adding an SPF Record can take up to 48 hours to enact, so don’t plan on being ready to go immediately after you set up your SPF Record.
SPF Records are important because they help protect email recipients from spam and phishing emails, and protect your organization from being spoofed or used as a trojan horse by bad actors.
We hope this blog has helped ease your worries about setting one up. If you have any questions about SPF records, email security, or IT in general, contact us here!
5 min read
Every year, thousands of Veterans transition from military service to civilian careers in Virginia, bringing invaluable skills and experiences to...
10 min read
It’s no secret that cybersecurity is paramount in today’s digital age, but that is especially true for businesses working within the defense sector.
6 min read
In the age of cyber threats, even the humble printer can pose a significant risk to your office's security.