SENDER POLICY FRAMEWORK (SPF)
This blog refers to Mailprotector Email system
Spoofing and phishing email activity observed over the past few months and feedback from Mailprotector’s partners has led to modifying the enforcement of SPF (Sender Policy Framework) records for incoming emails.SPF indicates what sources are authorized to send emails for a domain.
Major email services are also enforcing SPF to improve email security, increasing the importance of managing SPF records for consistent and predictable email delivery.
Email security continues to change, and the efforts to stop spam, phishing and other abuses require improvements to mail flow processing. SPF is widely used and is a starting point for determining email authenticity. Future improvements and support for DKIM and DMARC will require sound SPF implementation and management.
Mailprotector is following the SPF specification more closely, as defined by RFC 7208, protecting against SPF failures from being delivered to end-users. An SPF record indicates whether to treat failure as a “hard fail” or “soft fail.”
The SPF RFC recommends bouncing messages for hard failures and filtering messages for soft failures. Mailprotector’s belief that all email should be processed and logged for visibility means the enforcement is slightly different.
Hard failures are considered spam and are sent to the user’s quarantine. Soft failures receive a score increase, but may not be high enough to filter the message on its own.
End-user Experience Changes
The end-users may not observe an apparent change. Emails that have been delivered in the past may not be delivered if the SPF record is not correct. For example, a multi-function device that sends emails of scanned documents may be quarantined if the IP or hostname of the device is not included in the domain’s SPF record.