You may have come across circumstances where your colleague claims to have received a mail from you which you never sent! Well, spammers forge your address and misuse it as SMTP can allow anyone to send emails claiming to be someone else.
Sometimes, non-technical users would not be able to figure out if the mail is coming from you and give confidential information which results in mayhem. The spammers put your address in the “From” field while sending the email which would seem like you sent the email.
What is SPF:
SPF (stands for sender policy framework) is a spam handling technique which helps to prevent the forgery of the sender address. It basically entitles the owner of every domain to specify a list of mail servers which are used by them to send emails.
So, a record called the SPF record can be added to the DNS records of your domain which lists all your mail servers and when the email is received by another domain, it can check if the mail is indeed from you by checking your SPF records. The receiving server will take necessary actions depending on the SPF authenticity.
How to authenticate Google Apps domain with SPF:
To configure the SPF records for your domain in Google, you can follow the below steps:
- Go to the admin page of your domain registrar where you can manage the DNS records.
- Add a new TXT record as: v=spf1 include:_spf.google.com ~all
- If you need to specify any other IP addresses or servers apart from the Google servers, you can form your SPF referring the SPF record syntax.
- Save the changes and the SPF would propagate within a few hours. It may take 48 hours as stated by Google but generally a few.
SPF record technical explanation:
The first part “v=spf1” states that we are using the version 1 of SPF.
The second part “include:_spf.google.com” states that you are allowing the Google Apps mail servers/IPs to send emails on your behalf or from your domain. If you need to add additional IP address to the SPF, you can use the syntax “ip4:<your_IP>”.
The last part of the syntax “~all” (called as SoftFail) says that this mail is not coming from the intended sender and should be subjected to further analysis.
Specifying “-all” would simply reject all messages which fail SPF authentication and may lead to delivery issues on your end.
How to check your SPF record:
Once you have added the SPF record, you can verify it by checking your DNS records with the below popular tool:
You just need to enter your domain name and it can retrieve your SPF record and show if it is published successfully or not.