Mail authentication: SPF protocol

Mail authentication

Despite today’s awareness of email fraud, employees continue to be the primary gateway for malicious software into businesses.

These malwares can, among other things, spoof corporate identities to send massive phishing campaigns, block devices or steal confidential information in exchange for large sums of money (ransomware).

According to various studies, about 30% of emails that attempt to scam users are opened by recipients, and up to 12% of them click on the malicious link.

For this reason, there are several security measures to protect the email systems that are put into operation every time we send or receive an email: SSL/TLS encryption, SPF, DKIM, DMARC, Sender verify … These measures are applied by means of message filtering, sender verification protocols, and so on.

about 30% of emails that attempt to scam users are opened by recipients

In this series of articles we will deal with email authentication, one of the most complex fields of email security from a technical point of view. In addition, we will explain the main protocols of email authentication and the importance of its use:

SPF: Sender Policy Framework

DKIM: Domain Keys Identified Mail

DMARC: Domain-Based Message Authentification

What is an SPF record and what is it for?

The SPF is an email authentication protocol that allows domain owners to declare from which servers or IPs they send their mail, and thus fight against phishing.

In this way, when a message is sent, the receiver will control SPF, and if the IP of the sender does not appear in the list specified by the domain manager, the email will be blocked. For an ISP (Internet Service Provider) for example, it is very important that messages are authenticated in order to be able to differentiate spam senders from legitimate senders.

Among the many advantages of using SPF authentication is the avoidance of possible fraudulent impersonation or blocklisting of our domains; it guarantees the recipient that the mail they receive comes from an “authorized” server.

This type of authentication is indispensable for email marketing or transactional email professionals, as they are more susceptible to phishing attacks. Alinto’s SMTP Gateway, specially designed for transactional bulk mailings, has SFP and DKIM protocols to protect your mailings.

However, SPF authentication is not an infallible system: the fact that a message does not pass SPF validation does not necessarily mean that it will be blocked. It also stops working in mail forwarding.

Therefore, it is advisable to use other authentication systems besides the SFP, such as DKIM or DMARC, which we will talk about in the following articles.