Did you know more than 90 percent of all cyberattacks start with email? In the evolving email landscape, danger lurks everywhere. Phishing attempts and domain spoofing attacks have skyrocketed over the past several years. By the end of 2023, the global annual cost of cyber crime is predicted to exceed $8 trillion.
Even the most experienced marketing teams can mistakenly expose their email programs to harm. To protect yourself, your brand, and your customers from phishing and spoofing attacks, authenticating your email is paramount.
SPF (Sender Policy Framework) is a type of DNS TXT record (more on DNS later) that allows senders to specify which IP addresses are authorized to send email on behalf of a particular domain.
Why is this important? An SPF-protected domain is less attractive to fraudsters and is therefore less likely to be blacklisted by spam filters. SPF authentication also ensures that legitimate email from the domain is delivered.
Since email authentication can be technical and somewhat confusing, let’s break down the process of building an SPF record into five simple steps.
The first step to implement SPF is to identify which mail servers you use to send email from your domain. Many organizations send mail from a variety of places. Make a list of all your mail servers and their IP addresses, and be sure to consider whether any of the following are used to send email on behalf of your brand:
If you’re unsure of what your IP addresses are, reach out to your ESP to get a list of the addresses associated with your account, or your IT System Administrator to compile a list of IP addresses your business uses.
Chances are, your company owns many domains. Some of these domains are used to send email. Others aren’t.
It’s important to create SPF records for all the domains you control, even the ones you’re not mailing from. Why? Once you’ve protected your sending domains with SPF, the first thing a criminal will do is try to spoof your non-sending domains.
SPF authenticates a sender’s identity by comparing the sending mail server’s IP address to the list of authorized sending IP addresses the sender publishes in the DNS record. DNS records are essentially records used to map URLs to numerical IP addresses. These records include instructions and information about a domain, including which IP address is associated with that domain and how to handle requests for that domain.
Now, let’s get to the nuts and bolts. While marketing professionals might help with steps one and two, it’s now time to hand things off to your IT team or ESP. Here’s how they create your SPF record:
Congratulations! You’ve created your SPF record. Now, it’s time to publish it.
Your company’s IT or security team will work with your DNS server administrator to publish your shiny new SPF record to DNS. SPF records should not be confused with MX records, which contain the DNS information for the mail server.
If you’re using a hosting provider such as 123-reg or GoDaddy, then this process is fairly simple. If your ISP administers your DNS records or if you aren’t sure, contact your IT department for support. Email service providers typically publish SPF records for sending domains on your behalf.
Testing to make sure the SPF record is working as expected is an important part of the pre-send optimization process, and should be done before sending any major email campaign.
Start by testing your SPF record with an SPF check tool. You’ll be able to see what recipients see: a list of the servers authorized to send email on behalf of your sending domain. If one or more of your legitimate sending IP addresses is not listed, you can update your record to include it.
Don’t assume your email marketing program is bulletproof. The costs of lax email program security can range from minor business disruptions to millions of dollars in revenue loss and reputational damage. Plus, SPF is an important component of email deliverability—a sender’s ability to reach subscriber inboxes instead of being blocked or filtered to spam.
For an easy, 30-minute breakdown of other email authentication protocols, watch our on-demand webinar, “An Email Marketer’s Crash Course in DMARC, SPF, and DKIM.”