Not having SPF (Sender Policy Framework) record for a domain may help an attacker to send spoofed email, which will look like, originated from the vulnerable domain.

Not only that, this will also result to land emails in SPAM box when SPF missing.

Lately, I performed Vulnerability Scan on my website through Detectify and found this critical item to fix.

spf-vulnerability

It’s essential to have SPF record for your domain to avoid your emails getting landed in SPAM folder or avoid email spoofing.

Let’s take a look at an online tool to test the SPF Records.

Kitterman

Kitterman’s SPF record testing tools allow you to quickly validate if SPF record exists for a domain.

MX Toolbox

MX Toolbox is another SPF record checker tool along with many other emails related lookup.

Some more here you may try out.

Fixing vulnerability requires you to add SPF details in your domain as TXT record. Your hosting provider will give SPF details. If you are on shared hosting, you need to check with your provider.

If you are on VPS using mail service like Zoho then you can add value.

v=spf1 mx include:zoho.com ~all

You need to add the SPF details in your Domain Panel. If you are on shared hosting then you can take help from hosting provider support.

However, if you are on Cloud Flare then here is the quick instruction.

  • Login into CloudFlare
  • Click on DNS tab
  • Select the type as TXT and enter the details like shown below

cloudflare-add-spf

It may take few seconds to propagate and once done, you can test SPF details in above-listed tools.

spf-test

Now, my domain is secured from missing SPF and I hope this helps you to protect your email business.