How to Prevent Spoofed Emails (SPF)

Have you ever seen a message that was "from" your email address but you did not send it?

This is called "spoofing". What this means is that it is possible for anyone with basic technical skill to send messages as if they are "from" any email address. There is a mechanism that can prevent this commonly called SPF.

Essentially, this allows you to add a record to your domain that tells mail servers who is authorized to send mail for your domain. Mail from unauthorized sources will be rejected.

There are many sites where you can read about SPF and how to create a SPF record. One tool that many find useful is here: THIS IS A THIRD PARTY SITE AND WE MAKE NO CLAIMS OR WARRANTIES REGARDING ITS AVAILABILITY, CONTENT OR SAFETTY.

It is important to be careful when creating an SPF that you list all possible authorized sources. For example, to include your service with us you only need add the "MX" parameter.

If you use emailing services (e.g. Survey Monkey, Constant Contact, etc.) you will want to contact them to find out what needs added to your SPF record to ensure their mail is sent successfully on your behalf.

Also ensure that if your website sends mail (e.g. a Contact Us form), that you also contact your web host to ensure those emails are sent properly.

Finally, there are some settings in SPF that instruct mail servers how to treat your SPF record. Anything besides "-all" at the end essentially means the SPF record will do nothing.

Once you have created your SPF record, you will need to contact your DNS provider (typically the company who registered your domain name) or use their control panel to add the SPF record to your domain.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request