SPF Email

The pros and cons of SPF email authentication

Sender Policy Framework (SPF) is an important protocol for authenticating email that is used widely throughout the email industry. SPF email authentication enables senders to publish a list of authorized mail servers in an SPF record in the domain's DNS. Receiving mail servers can perform an SPF test to make sure the IP address in an inbound email matches an address in the SPF record. If an email fails an SPF Check, the email does not authenticate.

While SPF email authentication is helpful to a degree, it has significant drawbacks. Keeping SPF email records updated is time-consuming and problematic, and SPF doesn’t work for forwarded emails. Most importantly, SPF email tests offer no protection against criminals who spoof the display name or the “from” address in the email’s header – the part that’s most visible to recipients.

Consequently, more organizations today are turning to DMARC to improve email security. DMARC (Domain-based Message Authentication, Reporting & Conformance) builds on the SPF email protocol as well as the DKIM signature authentication technique. DMARC requires that any email pass one or both protocols and that the information in the “from’’ address match other information known about the sender. DMARC also provides instructions for how email that fails authentication should be treated.

While DMARC significantly increases email security for brands, it can be complicated and costly to deploy and manage. Mimecast solves this challenge with Mimecast DMARC Analyzer, an easy-to-use solution to deploy DMARC.

Mimecast DMARC Analyzer

Mimecast DMARC Analyzer is a SaaS solution that allows organizations to manage complex DMARC deployments more easily. DMARC Analyzer acts as an expert guide, providing user-friendly analyzing software that helps organizations move to a DMARC policy as fast as possible.

While other DMARC solutions tend to require ongoing professional services to operate successfully, Mimecast's offering is designed for simple and effective self-service to reduce the time, cost and effort required to stop domain spoofing attacks.

DMARC Analyzer provides:

• 360° visibility and governance across all email channels to ensure that legitimate email does not get blocked.
• Self-service email intelligence tools to move to an enforced DMARC policy as fast as possible.
• Alerts, reports and charts that facilitate enforcement and help to monitor ongoing performance.

A comprehensive email security solution

In addition to DMARC Analyzer, Mimecast offers a suite of email security technologies that together deliver multilayered defenses that maximize protection for organizations and their users and customers. Mimecast email security solutions help to prevent:

• Sophisticated, targeted threats. Mimecast Secure Email Gateway protects against threats like spear-phishing, malware, spam and zero-day attacks through the use of multiple detection engines and intelligence feeds.
• Attacks that start or spread internally. Mimecast Internal Email Protect combats threats that originate from within an email system or that spread silently from user to user. Mimecast scans all internally generated email for malware and malicious links in attachments, continually monitoring and rechecking the status of all previously delivered files.
• Malicious URLs. Mimecast URL Protect blocks malicious URLs through multi-step detection that includes pre-click URL discovery, on-click inline employee education and post-click resolution and blocking of dangerous file types.
• Threats in attachments. Mimecast Attachment Protect uses threat intelligence and multiple layers of defenses to stop attacks that are embedded within email attachments.
• Malware-less impersonation attacks. Mimecast Impersonation Protect identifies threats that use domain similarity and social engineering to carry out spear-phishing and business email compromise attacks. Mimecast scans every inbound email to detect header anomalies, suspicious content, domain similarity and recently registered domains – all potential signs of impersonation attack.