One technique that spammers have been using for years is to “spoof” email addresses. You may have seen emails coming into your inbox supposedly from your email account when you did not actually send them; this is one example of spoofing.
Malware authors who want to infect your computer may spoof an email appearing to be from someone trusted in your company. This can make their email look more legitimate and maybe catch you in a weak moment. I have actually seen this happen and fortunately no harm was done, but things do not always turn out so well. The email could have contained a Trojan or a Ransomware program which is all the rage these days.
Setting up an SPF record can greatly reduce the amount of illegitimate email with your domain name on it. The SPF record will indicate which IP addresses are authorized to send email from your domain. If a spam filter which is configured to honour SPF records encounters an email from an unauthorized IP address, then it will either “soft fail” or “hard fail” the email, depending on the setting on your SPF record.
An SPF record is a DNS record, so it has to be added to your domain’s DNS zone file by someone with access to the zone. There are two things you need to properly configure an SPF record:
- A complete list of IP addresses or domains authorized to send email for your domain
- Decide what to do with email that fails the SPF record check
At ideaLEVER, we did a survey and determined that all of our computers and phones are configured to send email from any of the following:
- smtp.idealever.com
- a telus.net mail server
- a webserver in Kamloops
- a webserver in Lethbridge
So our SPF record lists these four servers as authorized to send email from @idealever.com
The second thing to decide is what to do if an email comes in from somewhere other than these authorized servers. This will happen if an employee forgot that their iPad was configured to send from gmail, and it will happen if someone is spoofing one of our email addresses to send us spam.
There are three options: just ignore it, and put a note in the email’s header that it failed the SPF check; soft-fail it, which scores the email as likely being spam; or hard-fail it, which rejects the email as spam.
We initially configured our SPF record to do a soft fail, just to see what would happen, and then after a few days, changed it to hard fail. Our spam filter does a good job of honouring the SPF record, and it catches quite a bit of spoofed email. Aside from relieving the annoyance of large amounts of spam, this gives us some defense from the bad guys who will send something appearing to be from our accountant in an effort to trick us into clicking an attachment containing their malware payload.
While there is no single perfect solution for eradicating spam, your best defence comes from a combination of factors including a good spam filter and a certain amount of caution when dealing with incoming email. Setting up an SPF record for your domain is another level of defence to protect you.
If you are an ideaLEVER client and we host your DNS, give us a call and we can help sort this out for you. If you are an ideaLEVER client and you are not sure if we host your DNS, give us a call anyway, and we will point you in the right direction.
Tags: spam, dns, spf, spoofing, phishing