E-mail spoofing is a term used to describe fraudulent e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source. E-mail spoofing is a technique commonly used for spam e-mail and phishing to hide the origin of an e-mail message. By changing certain properties of the e-mail, such as the From, Return-Path, and Reply-To fields (which can be found in the message header), ill-intentioned users can make the e-mail appear to be from someone other than the actual sender. The result is that, although the e-mail appears to come from the e-mail indicated in the "From" field (found in the e-mail headers) it comes from another e-mail address, probably the same one indicated in the "Reply To" field; if the initial e-mail is replied to, the delivery will be sent to the "Reply To" e-mail, that is, to the spammer's e-mail. There are a few different ways to avoid e-mail spoofing, but probably the most popular and effective way is through the Sender Policy Framework (SPF).
What is a Sender Policy Framework (SPF)
The Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery. More precisely, SPF protects the envelope sender address, which is used for the delivery of messages. The SPF allows the owner of a domain to specify their mail-sending policy, e.g. which mail servers they use to send mail from their domain. The technology requires two sides to play together: (1) the domain owner publishes this information in an SPF record in the domain's DNS zone, and when someone else's mail server receives a message claiming to come from that domain, then (2) the receiving server can check whether the message complies with the domain's stated policy. If, e.g., the message comes from an unknown server, it can be considered a fake.
Once you are confident about the authenticity of the sender's address, you can finally "take it for real" and attach your reputation to it. While IP-address-based reputation systems like Spamhaus or SpamCop have prevailed so far, reputation will increasingly be based on domains and even individual e-mail addresses in the future, too.
How to set up an SPF record
To set up an SPF record, you will need to review the questions below, and then contact WestHost technical support department and have them create the SPF record on your account. It is important to understand the below questions to help the technician set up an accurate SPF record to ensure maximum effectiveness.
- How do you send your e-mail?
- If it's sent through a desktop mail client, what SMTP mail server do you send outbound mail through?
- Do third parties send mail on your behalf?
- if so what are the names of their outbound mail servers?