Last updated: November 30, 2022

Not having an SPF (Sender Policy Framework) record for a domain may help an attacker send spoofed email that looks like it originated from the real domain.

Not only that, but your emails will also land in the spam box when SPF is missing.

Lately, I performed a Vulnerability Scan on my website through Detectify and found this critical item to fix.

[Image: spf-vulnerability]

It’s essential to have an SPF record for your domain to keep your emails from landing in the spam folder and to avoid email spoofing.

Let’s take a look at the following online tools to test SPF records.

Kitterman

The SPF query tool by Kitterman allows you to quickly validate whether an SPF record exists for a domain.

MX Toolbox

MX Toolbox is another SPF record checker tool, offered along with many other email-related lookups.

Some more here you may try out.

How to mitigate the risk?

Fixing this vulnerability requires you to add SPF details to your domain as a TXT record. Your hosting or email solution provider will share the SPF details. If you don’t have them, check with your hosting provider.

Here are some examples.

Zoho

v=spf1 mx include:zoho.com ~all

Mailgun

v=spf1 include:mailgun.org ~all

If you are using multiple email solutions, you can cover them all in a single DNS record. The example below covers Google, Mailgun, and Zendesk.

v=spf1 include:_spf.google.com include:mailgun.org include:mail.zendesk.com -all
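
An added example (not from the original article): an offline linter for records like the ones above, checking the RFC 7208 rules that matter once several providers share one record, namely exactly one v=spf1 record per domain, the result of the final all term, and the limit of 10 DNS-lookup terms. The name lint_spf and the PASTED and TOO_MANY inputs are constructed for illustration, and the lookup count covers only top-level terms, not lookups nested inside each include.

```python
import re

# Terms that each cost one DNS lookup during evaluation (RFC 7208, 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
ALL_RESULT = {"-": "fail", "~": "softfail", "?": "neutral", "+": "pass"}
TERM = re.compile(r"([-~?+]?)([A-Za-z][A-Za-z0-9_.-]*)(?:[:=/].*)?")


def lint_spf(txt_values):
    """Lint a domain's TXT values; return (all_result, lookups, problems)."""
    problems, cleaned = [], []
    for value in txt_values:
        if "\u201c" in value or "\u201d" in value:
            problems.append("typographic quotes pasted into the TXT value")
        cleaned.append(value.strip().strip('"\u201c\u201d'))
    spf = [v for v in cleaned if v.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return None, 0, problems + ["no v=spf1 record published"]
    if len(spf) > 1:
        problems.append("multiple v=spf1 records: receivers return permerror")
    names, all_result = [], None
    for term in spf[0].split()[1:]:
        m = TERM.fullmatch(term)
        if not m:
            problems.append(f"unparseable term {term!r}")
            continue
        names.append(m.group(2).lower())
        if names[-1] == "all":
            all_result = ALL_RESULT[m.group(1) or "+"]  # no qualifier means "+"
    lookups = sum(n in LOOKUP_TERMS for n in names)
    if lookups > 10:
        problems.append(f"{lookups} lookup terms exceed the limit of 10")
    if all_result == "pass":
        problems.append("+all authorises any host to send as this domain")
    elif all_result is None and "redirect" not in names:
        problems.append("no all term: unmatched senders get a neutral result")
    return all_result, lookups, problems


# ZOHO and COMBINED are the article's records; the other two are constructed.
ZOHO = "v=spf1 mx include:zoho.com ~all"
COMBINED = ("v=spf1 include:_spf.google.com include:mailgun.org "
            "include:mail.zendesk.com -all")
PASTED = "\u201cv=spf1 include:mailgun.org ~all\u201d"
TOO_MANY = "v=spf1 " + " ".join(f"include:s{i}.example.net" for i in range(11)) + " -all"

if __name__ == "__main__":
    for values in ([ZOHO], [COMBINED], [ZOHO, COMBINED], [PASTED], [TOO_MANY], []):
        print(lint_spf(values))
```

Publishing the Zoho and combined records as two separate TXT entries triggers the multiple-record finding, which is why all providers belong in one record.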

Once you have the SPF details, log in to your domain registrar and add them as a TXT record. If you are not sure how, you can speak to your provider and they should guide you. However, if you are using Cloudflare, here are the quick instructions.

  • Log in to Cloudflare
  • Click on the DNS tab
  • Select the type as TXT and enter the details as shown below

[Image: cloudflare-add-spf]

It may take a few seconds to propagate. Once done, you can test the SPF details with the tools listed above.

[Image: spf-test]

Now, my domain is secured from missing SPF and I hope this helps you to protect your email business.

  • Chandan Kumar
    Author