Questions tagged [spf]

Sender Policy Framework (SPF) is an email authentication method designed to detect forged sender addresses in emails (email spoofing), a technique often used in phishing and email spam.

77 questions
124 votes, 5 answers

Why do phishing e-mails use faked e-mail addresses instead of the real one?

I read that you can write anything into the From: field of an e-mail. If that is true, then why are phishing e-mails trying to trick me with look-a-like addresses like service@amaz0n.com instead of just using the actual service@amazon.com itself?
JFB
10 votes, 4 answers

Spam email "via" my domain, but SPF record exists

I just got an email from some random person's name "via" info@mydomain.com, although info@mydomain.com is just a distribution group within G Suite. We have an up-to-date SPF record added from Google, and I'm not quite sure what or how another person…
LewlSauce
8 votes, 2 answers

How did a phishing email pass SPF, DKIM and DMARC?

A friend received a spoofed email (from Bank of America using an uber.com address) which was correctly identified as 'spam' by Gmail. However, looking at the raw message it seems to have passed SPF, DKIM and DMARC checks. 1) How did a spam email…
Islay
6 votes, 1 answer

Can DMARC's SPF alignment be spoofed?

IP addresses can be spoofed. The Envelope-From and Header-From addresses can be spoofed as well. But is it possible to spoof all three at the same time to send a forged email that passes both SPF and SPF alignment in DMARC? If it is possible,…
hilltothesouth
6 votes, 2 answers

Can SPF be bypassed by using a shared email server?

As I understand it, SPF works by listing permitted SMTP server domains in the TXT DNS record of the domain you own. So if I own example.com and wish to permit a 3rd-party SMTP server at smtpexample.com to send emails on behalf of my domain, I add…
Widor
5 votes, 2 answers

How are SPF records used in practice?

I always thought that receiving email servers check the "from" domain's SPF record to verify that the sending server is allowed to send email. For example, if I sent email from "atte@atte.com", the receiving email server would query DNS records for…
Atte Juvonen
5 votes, 1 answer

Why set up DMARC for SPF if it's already set up for DKIM?

I have SPF and DKIM. I'm planning on adding DMARC to tell receivers to expect SPF and/or DKIM. I've read that it's best to set DMARC up with both SPF and DKIM, but I don't understand exactly when having it for both would be better than having it…
Qaz
5 votes, 2 answers

How can I prevent email spoofing from my domain?

I recently registered a domain name, and set up an email account tied to it with Zoho mail. I'm concerned about making sure all emails from this domain are signed to prevent spoofing. I've enabled SPF and DKIM on Zoho and my domain, but is this…
Myridium
4 votes, 2 answers

How to fix DMARC alignment failure

I'm sending emails via the Ionos mail servers. I've got SPF set up, but DMARC still fails. This seems related to: Why is DMARC failing when SPF and DKIM are passing? But I can't figure out how to fix it. My DNS records: TXT @ "v=spf1…
4 votes, 3 answers

Why is DMARC failing when SPF and DKIM are passing?

I've seen this question asked before, but unfortunately, don't understand the responses. I think it's something to do with "from" headers being defined differently by different standards. I've added all the domains in the "from" to SPF records, but…
4 votes, 1 answer

DMARC "policy_evaluated" is "fail" for SPF, even when SPF domain alignment is "relaxed"?

A DMARC aggregate report which I received reads (irrelevant pieces removed, domains changed): none pass fail
4 votes, 2 answers

Email verification by sending mail instead of receiving

I have an app whose main purpose is to help people track emails they send. In most user onboarding, the user is sent a secret URL via email. They validate by clicking a link to return the secret. An alternative would be to create a mailto: link…
Michael Cole
4 votes, 2 answers

Can a custom return path make SPF redundant?

My understanding is that SPF can be used to define a set of IP addresses that are permitted to send outbound emails on behalf of a domain. If a mail server that is not included in the set of permitted IP addresses sends an email, the receiving…
David
4 votes, 3 answers

Do SPF records apply to all subdomains?

Does an SPF record apply only on the domain it's set up for or also for all its subdomains? For example an SPF record that is configured for the domain example.com will set the policy for mails ending with @example.com. So if that is the only SPF…
Bob Ortiz
4 votes, 3 answers

Security of SPF vs SPF and DKIM in email

I am looking for an email provider that I will use with custom domain, one provider is cheaper but has only SPF while the other is more expensive but uses both SPF and DKIM and I'm not sure if paying more is worth it if the other factors are…
user139275