the greatest risks to IT security. The Messaging Anti-Abuse Working Group (MAAWG)
identifies 85% of incoming mail as abusive or malicious. One of the best
practices to reduce this risk is the Sender Policy Framework (SPF), an email
validation tool to prevent the sending and receiving of forged email messages.
When properly configured, SPF reduces both the likelihood of any domain name
being fraudulently used to send malicious emails and the likelihood that
organizations will receive such messages.
How the Sender Policy Framework Works
When an organization generates an SPF record in the Domain Name System (DNS)
it is identifying which hosts are permitted to send email from their domain.
This record allows message recipients to query and determine whether the
sending server is authorized to send from a domain. This diagram shows how SPF
is verified by the recipient’s mail system.
Testing for SPF records
The following
open-source tools exist to verify the SPF record for your organization:
SPF
Post a Comment