SPF Email

    Mimecast's DMARC Analyzer builds on the SPF email protocol by strengthening email security defenses against potential spoofing.

    Free SPF Record Check

    Check My Domain

    The pros and cons of SPF email authentication

    Sender Policy Framework (SPF) is an important protocol for authenticating email that is used widely throughout the email industry. SPF email authentication enables senders to publish a list of authorized mail servers in an SPF record in the domain's DNS. Receiving mail servers can perform an SPF test to make sure the IP address in an inbound email matches an address in the SPF record. If an email fails an SPF Check, the email does not authenticate.

    While SPF email authentication is helpful to a degree, it has significant drawbacks. Keeping SPF email records updated is time-consuming and problematic, and SPF doesn’t work for forwarded emails. Most importantly, SPF email tests offer no protection against criminals who spoof the display name or the “from” address in the email’s header – the part that’s most visible to recipients.

    Consequently, more organizations today are turning to DMARC to improve email security. DMARC (Domain-based Message Authentication, Reporting & Conformance) builds on the SPF email protocol as well as the DKIM signature authentication technique. DMARC requires that any email pass one or both protocols and that the information in the “from’’ address match other information known about the sender. DMARC also provides instructions for how email that fails authentication should be treated.

    While DMARC significantly increases email security for brands, it can be complicated and costly to deploy and manage. Mimecast solves this challenge with Mimecast DMARC Analyzer, an easy-to-use solution to deploy DMARC.

    The pros and cons of SPF email authentication

    SPF check, the email does not authenticate.

    While SPF email authentication is helpful to a degree, it has significant drawbacks. Keeping SPF email records updated is time-consuming and problematic, and SPF doesn't work for forwarded emails. Most importantly, SPF email tests offer no protection against criminals who spoof the display name or the "from" address in the email's header – the part that's most visible to recipients.

    Consequently, more organizations today are turning to DMARC to improve email security. DMARC (Domain-based Message Authentication, Reporting & Conformance) builds on the SPF email protocol as well as the DKIM signature authentication technique. DMARC requires that any email pass one or both protocols and that the information in the "from'' address match other information known about the sender. DMARC also provides instructions for how email that fails authentication should be treated.

    While DMARC significantly increases email security for brands, it can be complicated and costly to deploy and manage. Mimecast solves this challenge with Mimecast DMARC Analyzer, an easy-to-use solution to deploy DMARC.

    SPF check, the email does not authenticate.

    Sie wollen mehr erfahren?

    Demo vereinbaren

    Mimecast DMARC Analyzer

    Mimecast DMARC Analyzer is a SaaS solution that allows organizations to manage complex DMARC deployments more easily. DMARC Analyzer acts as an expert guide, providing user-friendly analyzing software that helps organizations move to a DMARC policy as fast as possible.

    While other DMARC solutions tend to require ongoing professional services to operate successfully, Mimecast's offering is designed for simple and effective self-service to reduce the time, cost and effort required to stop domain spoofing attacks.

    DMARC Analyzer provides:

    • 360° visibility and governance across all email channels to ensure that legitimate email does not get blocked.
    • Self-service email intelligence tools to move to an enforced DMARC policy as fast as possible.
    • Alerts, reports and charts that facilitate enforcement and help to monitor ongoing performance.
    Mimecast DMARC Analyzer

    Self-service tools for fast and easy DMARC deployment

    To improve SPF email authentication with DMARC, DMARC Analyzer provides self-service tools that include:

    • Easy to use aggregate reports and charts for faster analysis.
    • A setup wizard to generate DMARC records.
    • Tools to monitor DNS changes over time and receive proactive alerts when a record changes.
    • Unlimited users, domains and domain groups for full email authentication coverage.
    • Enhanced security featuring two-factor authentication.
    • Daily and weekly summary reports that enable administrators to follow progress over time.
    • Forensic reports that make it easier to track down and stop the sources of malicious email.
    • Validators and checkers for DMARC, DKIM and SPF email records.
    • Optional managed services delivered by Mimecast experts that help to minimize risk and deliver DMARC enforcement in the shortest time possible.
    Self-service tools for fast and easy DMARC deployment

    A comprehensive email security solution

    In addition to DMARC Analyzer, Mimecast offers a suite of email security technologies that together deliver multilayered defenses that maximize protection for organizations and their users and customers. Mimecast email security solutions help to prevent:

    • Sophisticated, targeted threats. Mimecast Secure Email Gateway protects against threats like spear-phishing, malware, spam and zero-day attacks through the use of multiple detection engines and intelligence feeds.
    • Attacks that start or spread internally. Mimecast Internal Email Protect combats threats that originate from within an email system or that spread silently from user to user. Mimecast scans all internally generated email for malware and malicious links in attachments, continually monitoring and rechecking the status of all previously delivered files.
    • Malicious URLs. Mimecast URL Protect blocks malicious URLs through multi-step detection that includes pre-click URL discovery, on-click inline employee education and post-click resolution and blocking of dangerous file types.
    • Threats in attachments. Mimecast Attachment Protect uses threat intelligence and multiple layers of defenses to stop attacks that are embedded within email attachments.
    • Malware-less impersonation attacks. Mimecast Impersonation Protect identifies threats that use domain similarity and social engineering to carry out spear-phishing and business email compromise attacks. Mimecast scans every inbound email to detect header anomalies, suspicious content, domain similarity and recently registered domains – all potential signs of impersonation attack.
    A comprehensive email security solution

    FAQs: What is SPF email authentication?

    What is SPF email authentication?

    The SPF email authentication technique enables a domain owner to publish information in an SPF record in the DNS that lists the IP addresses authorized to send email for the domain. A receiving mail server can check that list against the IP address in any incoming email to determine whether the message is authentic.

    What are the limitations of SPF email authentication?

    SPF email authentication has a few major limitations. It can only check the authenticity of the "envelope from" address but cannot identify emails where the sender is spoofing the display name or the "header from" address in the message. SPF breaks when a message is forwarded and maintaining and updating SPF records can be a challenge as brands add new mail streams or change ISPs.

    What is an SPF record check?

    An SPF record check is a tool to look up an SPF record and to determine whether an SPF record is valid or whether it contains errors that may cause problems with mail delivery. Mimecast DMARC Analyzer offers a free SPF record checker that will look up an SPF record for any domain, display the record and search for issues with syntax or data that may create issues.

    FAQs: What is SPF email authentication?

    Expert Security Insights

    Additional security resources you may be interested in: