Questions tagged [spf]

Sender Policy Framework (SPF) is an email authentication method designed to detect forged sender addresses in emails (email spoofing), a technique often used in phishing and email spam.

77 questions
3
votes
2 answers

Is a ptr mechanism in an SPF record secure?

If I understand the SPF Record Syntax correctly, any machine with an IP that points to my-domain.com can send email as if it's from my-domain.com if I'm using ptr in my SPF record. Anyone can create a PTR record for his IP(s). Then isn't it a…
user21287
3
votes
2 answers

What is the point of having SPF and DKIM set up, but having DMARC with policy=none?

Under this FAQ it says that using policy=none is a way for domain owners to monitor forged emails, without having to set up SPF/DKIM. But what I'm wondering, because I don't fully understand what SPF/DKIM itself does, is: What is the point of having…
Flying Thunder
3
votes
1 answer

Does Gmail still ignore DKIM if SPF passes, DMARC style?

This blog post from 2016 shockingly implies that Gmail will accept an email if either SPF or DKIM passes. We use G Suite SMTP servers, therefore SPF provides almost zero protection from spoofing. Is this still the case? Since DMARC only needs one…
Morrison
3
votes
2 answers

What is the reason for DMARC spec to not require specifically SPF or DKIM pass?

DMARC produces "pass" result if and only if at least one of SPF and DKIM checks pass. It has been noted that DKIM provides stronger protection of the two (if implemented properly). But, in order to require namely DKIM passing by a DMARC policy, one…
3
votes
2 answers

DMARC policy result when exactly one of SPF and DKIM fails and exactly one succeeds

E-mail forwarding can break SPF, but it should not break DKIM. I want to make a DMARC policy that will evaluate to "pass" when either DKIM or SPF passes, and "fail" when neither DKIM nor SPF passes. Is this possible? If so, how is this done? I'm…
jornane
3
votes
1 answer

Understand DMARC report before starting quarantine

I work for a small company. We have a lot of IPs blacklisted because of spamming. We decided to set up DMARC for our mail server. This has been set up and is working correctly. The issue now is that in the report, few records pass DMARC policy and…
dmx
3
votes
1 answer

DMARC: Why do I have dkim=fail, spf=fail and result=pass

I have set up my company's DMARC. It is in test mode and I regularly receive reports. Some seem weird to me and I would like to understand. For example, I have received a report with SPF and DKIM failed, but the result is passed. I would like to go…
dmx
3
votes
1 answer

How to read a DMARC record for a report?

I have a DMARC file containing some records. I am a bit surprised by the result and I would like to make sure I am reading it correctly. Here is the record: 1.2.3.4 1
dmx
3
votes
3 answers

What does a failed SPF record tell me from a DMARC Aggregate report?

I just started receiving DMARC aggregate reports. I am trying to understand what it means for a Source IP to fail SPF. Does this mean that the domain that failed the SPF tried to send an email on behalf of my domain? (essentially spoof my domain?).…
Dave
3
votes
0 answers

How does SPF make life any harder for a spammer/phisher?

I am studying SPF a little bit, and other spam/phishing prevention techniques that have been developed during the years, and I have a few questions about SPF. I know the difference between the MAIL FROM verb and the FROM header, but I am having…
3
votes
1 answer

Are high levels of email spam normal?

I have got my SPF, DKIM & DMARC records correctly set up and I have started using a DMARC analysis service. One thing I have noticed is the volume of failures. For example, in the last 3 days I have had 16,000 without correct SPF & DKIM. I am confident…
3
votes
1 answer

Best email SPF practice for dispersed users?

I am the sysadmin for my church. Our church has our own domain website and email hosted externally. We have about 50 members or so who use their church email from home. I am just looking for best practices that I can employ in our DNS to help…
user53029
2
votes
2 answers

Flattening an SPF record - drawbacks and downsides?

I have an SPF record that has too many DNS lookups. Consequence is some mail servers will silently drop emails; RFC7028 says that over 10 lookups: SPF implementations MUST limit the total number of those terms to 10 during SPF evaluation, to avoid…
Criggie
2
votes
1 answer

If I leave SPF not set on my domain, is that a factor for email servers to mark emails from this domain as spam?

I wonder if the lack of an SPF DNS record is a factor in the decision to mark a message as spam. I understand that an SPF fail is definitively such a factor, i.e. when SPF is configured, but a message has "MAIL FROM" / "Return-Path" domain not on…
Jan Żankowski
2
votes
3 answers

SPF and Office 365 email accounts spoofing other Office 365 email accounts

After an incident, I have a question whose answer I cannot find. I cannot provide the real headers as they come from a client. Let’s consider a company which uses an Office365 tenant as mail server. Its domain is example.com, and mail addresses…
Ixiliae