Not having an SPF (Sender Policy Framework) record for a domain may help an attacker send spoofed email that looks as if it originated from the real domain.
Beyond that, a missing SPF record will also cause your emails to land in the SPAM box.
Lately, I performed a Vulnerability Scan on my website through Detectify and found this critical item to fix.
It’s essential to have an SPF record for your domain, both to keep your emails out of the SPAM folder and to prevent email spoofing.
Let’s take a look at the following online tools to test the SPF records.
SPF query tool by Kitterman allows you to quickly validate if the SPF record exists for a domain.
MX Toolbox is another SPF record checker, and it offers many other email-related lookups as well.
Some more here you may try out.
How to mitigate the risk?
Fixing this vulnerability requires you to add the SPF details to your domain as a TXT record. Your hosting or email solution provider will share the SPF details. If you don’t have them, you may want to check with your hosting provider.
Here are some examples.
v=spf1 mx include:zoho.com ~all
v=spf1 include:mailgun.org ~all
If you are using multiple email solutions, you can cover all of them in a single DNS record. The example below covers Google, Mailgun, and Zendesk.
v=spf1 include:_spf.google.com include:mailgun.org include:mail.zendesk.com -all
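A local check to run on a combined record before publishing it, as an added example that is not part of the original post: it lints the TXT strings of one domain against the single-record rule and the 10-lookup limit of RFC 7208. The function name `lint_spf` and the demo call are assumptions made for illustration.

```python
# Added example: offline lint of the TXT strings published for one domain.
# Only top-level terms are counted; lookups made inside included records
# also count toward the RFC 7208 limit but need live DNS to resolve.
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4


def lint_spf(txt_records):
    """Return (findings, lookup_count, all_policy) for a domain's TXT strings."""
    cleaned = [r.strip().strip('"') for r in txt_records]
    spf = [r for r in cleaned if r.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return ["no v=spf1 record published"], 0, None
    findings = []
    if len(spf) > 1:
        findings.append("multiple v=spf1 records (permerror): merge into one")
    terms = spf[0].split()[1:]
    lookups, all_policy, has_redirect = 0, None, False
    for pos, term in enumerate(terms):
        qualifier = term[0] if term[0] in QUALIFIERS else "+"  # default is pass
        body = (term[1:] if term[0] in QUALIFIERS else term).lower()
        name = body.split(":")[0].split("/")[0]
        if body.startswith("redirect=") or name in LOOKUP_MECHANISMS:
            lookups += 1
            has_redirect = has_redirect or body.startswith("redirect=")
        elif name == "all":
            all_policy = QUALIFIERS[qualifier]
            later = [t for t in terms[pos + 1:] if "=" not in t.split(":")[0]]
            if later:
                findings.append("mechanisms after 'all' are never evaluated: "
                                + " ".join(later))
            break
    if lookups > MAX_LOOKUPS:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of "
                        f"{MAX_LOOKUPS} (permerror)")
    if all_policy is None and not has_redirect:
        findings.append("no 'all' term: unlisted senders get a neutral result")
    elif all_policy in ("pass", "neutral"):
        findings.append(f"'all' resolves to {all_policy}: "
                        "unlisted senders are not restricted")
    return findings, lookups, all_policy


if __name__ == "__main__":
    # The combined record quoted in the post above.
    print(lint_spf(["v=spf1 include:_spf.google.com include:mailgun.org "
                    "include:mail.zendesk.com -all"]))
```

An empty findings list means the record passed these static checks only; the online tools listed above still confirm what DNS actually serves.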
Once you have the SPF details, log in to your domain registrar and add them as a TXT record. If you are not sure how, you can speak to your provider and they should guide you. However, if you are using Cloudflare, here are the quick instructions.
- Log in to Cloudflare
- Click on the DNS tab
- Select the type as TXT and enter the details as shown below
It may take a few seconds to propagate; once done, you can test the SPF details in the tools listed above.
Now, my domain is secured from missing SPF and I hope this helps you to protect your email business.