Not having SPF (Sender Policy Framework) record for a domain may help an attacker to send spoofed email, which will look like, originated from the vulnerable domain.
Not only that, this will also result to land emails in SPAM box when SPF missing.
Lately, I performed Vulnerability Scan on my website through Detectify and found this critical item to fix.
It’s essential to have SPF record for your domain to avoid your emails getting landed in SPAM folder or avoid email spoofing.
Let’s take a look at an online tool to test the SPF Records.
Kitterman
Kitterman’s SPF record testing tools allow you to quickly validate if SPF record exists for a domain.
MX Toolbox
MX Toolbox is another SPF record checker tool along with many other emails related lookup.
Some more here you may try out.
Fixing vulnerability requires you to add SPF details in your domain as TXT record. Your hosting provider will give SPF details. If you are on shared hosting, you need to check with your provider.
If you are on VPS using mail service like Zoho then you can add value.
v=spf1 mx include:zoho.com ~all
You need to add the SPF details in your Domain Panel. If you are on shared hosting then you can take help from hosting provider support.
However, if you are on Cloud Flare then here is the quick instruction.
- Login into CloudFlare
- Click on DNS tab
- Select the type as TXT and enter the details like shown below
It may take few seconds to propagate and once done, you can test SPF details in above-listed tools.
Now, my domain is secured from missing SPF and I hope this helps you to protect your email business.
great article
Thanks Jan.