Sender Policy Framework (SPF)

SPF is a simple email-validation system designed to detect email spoofing. It lets receiving mail servers check that incoming mail from a domain comes from a host authorized by that domain's administrators. The list of authorized sending hosts for a domain is published in that domain's Domain Name System (DNS) records as a specially formatted TXT record.

An SPF Fail alert means that the email was sent by a host (or an IP address) that is not explicitly authorized by the domain's administrators to send email for that domain. In some cases, this could be because the domain administrator has not updated the published information to reflect additional hosts that have been authorized, or it could be due to an error in the SPF configuration.
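The check a receiving server performs can be sketched as follows. This is an added example, not Graphus code: the function name check_spf, the sample record and the addresses (documentation-only ranges) are constructed for illustration. It evaluates only the ip4, ip6 and all mechanisms and reports "needs-dns" for terms that require further DNS lookups.

```python
import ipaddress

# Qualifier prefix -> result (RFC 7208); a mechanism with no prefix means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample record using documentation-only address ranges.
SAMPLE_RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"


def check_spf(record, sender_ip):
    """Evaluate an SPF TXT record against a connecting IP, left to right.

    Returns (result, matching_term). Only ip4, ip6 and all are evaluated;
    terms that need DNS lookups (include, a, mx, exists, ptr, redirect=)
    stop evaluation with "needs-dns" instead of guessing.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ("none", None)  # no SPF policy published in this string
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier, mech = ("+", term)
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        name, _, value = mech.partition(":")
        name = name.lower()
        if name == "all":  # catch-all: "-all" is what yields SPF Fail
            return (QUALIFIERS[qualifier], term)
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return ("permerror", term)  # malformed record
            if ip.version == net.version and ip in net:
                return (QUALIFIERS[qualifier], term)
        elif mech.lower().startswith("exp="):
            continue  # explanation modifier does not affect the result
        else:
            return ("needs-dns", term)
    return ("neutral", None)  # nothing matched and no "all" term


if __name__ == "__main__":
    for addr in ("192.0.2.25", "198.51.100.7", "2001:db8::1"):
        print(addr, check_spf(SAMPLE_RECORD, addr))
```

A "fail" result on the "-all" term corresponds to the SPF Fail case described above: the connecting address matched none of the hosts the domain has listed.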

In either case, SPF Fail is a high-severity alert and should not be ignored. This loophole in the sender domain can be abused by cybercriminals to impersonate that domain's identity and infect its customers', suppliers', and partners' networks with malware, or to elicit sensitive information through social engineering.

Graphus highly recommends that if you receive an SPF Fail alert and you believe that the email is legitimate, you contact the sender domain's administrators and ask them to correct the problem with their SPF configuration.
