0

SPF Primer


11/21/2021




Spoofed messages are an everyday threat to organizations worldwide. SPF is an entry in your server DNS that tells mail recipients which servers are allowed to send mail on your behalf.

For example, our SPF record at maysoft.com looks like this:
v=spf1 mx a ip4:208.85.190.133
include:spf.protection.outlook.com
include:spf.em.secureserver.net -all

When a server receives our mail, if it comes from the IP address 208.85.190.133 in our SPF records, that server will mark the message as an SPF "Pass". If the message does NOT come from that address (or the others listed) then that message is a an SPF "Fail".

How Verisend uses SPF
Messages that are received in Domino are first checked for SPF compliance using SpamSentinel or our Positive Identity for HCL Domino addin. We stamp the message with those results.

When the user opens the message, we have a Display Panel in the Notes client that reads those SPF results and displays for the user all good messages (SPF Pass) like this:


and bad messages (SPF Fail) like this:



But some senders don't bother to update their SPF records, so when we do a lookup, we get no result (SPF:None). When this happens, we are unable to determine if the sender is who they claim to be, so we show a Yellow Warning triangle and mark the message "Unverified":




Blog Tags
SPF



( vs )