Category Archives: email spoofing

What is Sender Policy Framework (SPF)?

Posted on by
Reply

Sender Policy Framework (SPF) is has been designed to reduce or stop forged email
from being sent.

The domain the sender says that it is from gets checked by
the Sender Policy Framework(SPF) and checks if the sender is allowed (according to the DNS entry) to send email from
that domain. In this case, the offender tries to send mail from a fake
address, then the message will be rejected.

To accomplish this you will need to add a text record to the DNS to define the mail servers allowed to send on behalf of the domain.

An excellent resource for learning more about SPF records on how to create them is OpenSPF.org.

What is email spoofing?

Posted on by
Reply

Email spoofing refers to the sending email from one source, but making it appear message was sent from
a different source. The email comes from spam@spam.com but it appears to be from you@yourdomain.com. Also, making the email appear to come from an
unknown user within your domain name. For example, the message appears
to be idontworkhere@yourdomain.com.

OK, it does not mean you should immediately think a hacker has taken control of your network or email. It simply means someone has created a workaround to send email as another domain. Not to minimize that this can be extremely annoying as it typically yields many return receipts. I advise taking action to combat this by adding an SPF record to DNS.