The limitations of an SPF check
The Sender Policy Framework (SPF) is an email authentication technique that is used to prevent spammers and cyber criminals from sending messages on behalf of your domain name. SPF enables domain owners to publish an SPF record in the DNS that specifies which mail servers or IP addresses they use to send email. During SPF email authentication, a receiving mail server performs an SPF check to verify that the domain in the "envelope from" address in the email header matches a valid IP address in the SPF record. If the addresses don't match, the email fails the SPF test and the email can be rejected by the email receiver.
An SPF check has limitations, however. It doesn't work when messages are forwarded, and it does nothing to protect against attacks spoofing only the "header from" address (the address that's visible to users). Keeping SPF records updated as organizations change service providers and add mail streams can be difficult.
The email validation system DMARC (Domain-based Message Authentication, Reporting & Conformance) builds on the SPF check protocol (as well as the DKIM signature protocol) to provide a more powerful defense against email spoofing. DMARC augments the SPF check process by letting receiving mail servers know whether a domain is protected by SPF and/or DKIM and provides instructions on how to treat messages that don't pass either of these authentication protocols.
While DMARC can help protect against email spoofing more effectively, it can be difficult and time-consuming to deploy without the right tools. For organizations that want to bolster their email security with DMARC authentication, Mimecast provides a simple and effective solution that reduces the time, effort and costs to deploy DMARC.
Mimecast DMARC Analyzer
Mimecast DMARC Analyzer enables companies to deploy DMARC quickly and easily. As a 100% SaaS-based solution, DMARC Analyzer significantly reduces the time and complexity of a DMARC deployment project and provides tools to streamline the ongoing management of DMARC enforcement.
With DMARC Analyzer, you can:
- Detect and block attackers using your domains to spoof your customers, your employees and other parties.
- Use a step-by-step approach and self-service tools for publishing DMARC records to accelerate DMARC implementation.
- Gain 360° visibility and governance across all email channels.
- Track ongoing performance with configurable alerts, reports and charts that help to achieve an enforced DMARC policy more quickly.
Key features of DMARC Analyzer
DMARC Analyzer acts as an expert guide to move towards a reject policy as fast as possible. Features of DMARC Analyzer include:
- Unlimited users, domains and domain groups to provide complete coverage of email security.
- Automated alerts and reporting through email.
- DMARC/SPF/DKIM record checkers.
- User-friendly charts and statistics for monitoring performance.
- Two-factor authentication to enhance security.
- Forensic reports that help email administrators identify and stop the sources of malicious email.
- A DMARC record setup wizard that facilitates fast and easy DNS updates.
- Summary reports provided daily and weekly to track progress.
- Tools to check DNS changes over time and proactive email alerts when DNS records are altered.
- Managed services (optional) that help to minimize risk and that offer the shortest path to DMARC enforcement.
Mimecast email security with Targeted Threat Protection
Mimecast provides additional, comprehensive solutions for protecting email in Mimecast Email Security with Targeted Threat Protection. This set of cloud services is designed to provide next-generation protection against advanced email-borne threats like malware, impersonation attacks, malicious URLs and internally generated threats.
- Secure Email Gateway deploys multiple detection engines and uses threat intelligence feeds to stop spear-phishing, malware, spam, zero-day attacks and other threats at the email gateway.
- URL Protect protects users and the organization from malicious URLs within email by rewriting URLs in inbound email and scanning links in real time on every click.
- Attachment Protect blocks potentially dangerous attachments, applying multiple inspection analytics on each file. Mimecast uses multiple anti-virus engines, static file analysis, safe file conversion and behavioral sandboxing to neutralize threats within attachments.
- Impersonation Protect scans all inbound email in real time for the signs of malware-less, social engineering-based attacks. Mimecast searches for header anomalies, domain similarity, suspicious content, international character sets often used in domain similarity, and external domain similarity to prevent attackers from exploiting trusted third-party relationships.
- Internal Email Protect inspects internally generated email for malicious links, attachments and sensitive content to prevent the spread of attacks within the organization.
FAQs: What is an SPF check?
What is SPF?
SPF, or Sender Policy Framework, is an email authentication protocol that lets the owner of a domain provide information in a DNS record about which IP addresses the domain uses to send email.
What is an SPF check?
When an email message is sent, the receiving mail server can perform an SPF check to verify that the IP in the "envelope from" address in the message's header matches the IP addresses listed in the domain's SPF record in the DNS. If the SPF check is successful, the message is sent onto the recipient. If the SPF check fails, that information can help the receiving mail server to determine whether the message should be delivered in the inbox, sent to the spam folder or needs to be blocked.
What is an SPF record check?
An SPF record check is a diagnostic tool that can look up and validate an SPF record. An SPF record check can highlight any errors within the record that might affect successful delivery of email messages. Mimecast offers a free SPF record check along with free checks of DKIM records and DMARC records.