Email SPF Record Tutorial – Sender Policy Framework (SPF) | Prevent Email Spoofing | DNS Course

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
welcome back in this tutorial we're going to cover what spf records are why you need them and how to create them if you own a domain it's crucial that you have set up your spf records correctly so you could prevent email spoofing or email fraud if you don't have spf records set up anyone can send email on your domain's behalf this can get your domain blacklisted for spam even if you're not sending mail this is a dns course so you should be comfortable adding dns records to your domain such as txt records before we get started don't forget to subscribe to our channel to stay up to date with our latest training videos spf stands for sender policy framework it's basically a text record that you add to your domain's dns it's used by all mail providers such as gmail and outlook so that they can detect and block email spoofing and unauthorized mail sent on your domain's behalf your spf record allows you to specify one or more ip addresses or domain names that are allowed to send mail on your domain's behalf your spf record should list exactly all the servers that are authorized to send mail on your domain's behalf and should tell the mail server providers how to handle an email that is not authorized for example if you're using outlook for your email provider then your spf record would look something like this the first part v equal spf 1 this line specifies the spf version the current spf version is one this is required for all spf records this line should always be added the second part include the colon in the url for outlook consists of two parts the include colon is called mechanism and the second part the spf.protection.outlook is called directive the last part also consists of two parts known as the qualifier and the directive putting this all together your spf record should always look something like this we will cover each part in detail but to give you an idea this record is basically saying that the url spf.protection.outlook is a third-party email vendor and we authorize that vendor to send emails on our domain's behalf the include part basically copies the spf record stored inside that url the last part is saying all other emails not included in our list should fail which means that the email server provider will report the email as spam so far we know that your spf record should always look something like this your spf record is read right to left so if an email got sent out on your domain's name you would list all the authorized server ips that can send emails on your behalf otherwise the last part tells the email service providers how to handle emails that are not authorized based on the qualifier you use there is four different types of qualifiers the first one is the plus sign this is the default qualifier it's used if you don't specify any other qualifier this qualifier means that the email service provider should always accept the incoming email i don't recommend you use this option because you don't want to have any unauthorized email using your domain name to be accepted the second qualifier is the dash sign now i always recommend you use this qualifier this qualifier will tell the email service provider to always fail when the email is not a part of your authorized list the third qualifier is atilda this qualifier tells the email server provider to accept the email but mark it as suspicious so basically throw it in the junk folder the last qualifier means neither pass nor fail this qualifier tells the email service provider that your spf record says nothing about passing or failing i always recommend you use the dash qualifier to make sure all unauthorized emails are not accepted now the last part in your spf record is a combination of mechanisms and directives this is where you can list as many ip addresses or domain names that you want to authorize when an email is sent out on your domain's behalf the email service provider receiving your email will check if the email is authorized by looking in this list there is five different mechanisms or let's say five different ways you can authorize servers you can authorize mail servers by domain name using the letter a for mechanism so if you want to authorize any domain to send email on your domain's behalf you would write a then colon then the url name the second way you can authorize servers is by another domain mx record to do that you write mx then colon then the domain name where the mx record is stored the third way to authorize is by ip4 address or ip4 range this mechanism is straightforward you just write ip4 colon then the ip4 address or the ip4 range that you want to authorize the fourth way is to authorize servers by ip6 addresses or a range of ip6 addresses similar to the ip4 ui ip6 collin then the ip6 address or the range of ip6 addresses the last mechanism you can use is include and this is what you will use when you want to authorize third party email senders for example outlook or gmail [Music] once you create your spf record you basically add it to your dns by creating a text record under your domain name now once you do that you want to actually validate if your spf record is working so you could use mx tools validator so for example let's type spf validator and search that on google and you should see mxtoolbox and this is a very common validator you would simply write your domain name then you want to click on spf record lookup and you can see that this is my spf record and it's all in the green this sums it up for spf records if you guys found this video helpful if you can do me a favor and quickly give me a thumbs up it would greatly help me reach more people like you also don't forget to subscribe to my channel to stay up to date with our latest training videos if you have any questions post it on a comment below thank you for watching and we'll see you on the next training video you
Info
Channel: AHT Cloud
Views: 126
Rating: undefined out of 5
Keywords:
Id: OiIGifSeML4
Channel Id: undefined
Length: 8min 0sec (480 seconds)
Published: Mon Oct 11 2021
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.