SPF stands for Sender Policy Framework, and it’s one of the most basic protections we have against email spoofing attacks. You can implement it with a few simple steps, and you don’t need a budget or additional services to enable it, so it makes no sense to ignore it.
Let’s see how it works and what you need to do to set it up on your Hosting account. Modern email communication is supported by the Simple Mail Transfer Protocol (SMTP) – a protocol that allows computers and servers to send emails claiming to be from any source address.
This wasn’t too much of a problem back in the 1970s when SMTP was developed, but it has since been exploited by phishers and spammers trying to fool victims into opening malicious messages and clicking phishing links – SPF was invented to stop this.
Suppose you have an online service running under the domain example.com, and a hacker is trying to impersonate you. Unfortunately, it’s trivially easy to forge an email that has firstname.lastname@example.org set as the sender. However, SPF gives email providers a way of checking whether the source is legitimate.
Before accepting the email, the recipient’s provider will query example.com’s DNS zone. An SPF record in the DNS zone file contains the IP address of example.com’s mail server.
If an email is coming from an @example.com address, but the IP doesn’t match the one in the SPF record, then the sender’s address has been spoofed, and the message gets blocked. To enable SPF on your domain, you need to add a TXT record to its DNS zone file.
By default, Panel creates a new SPF record for every domain you add to it. You can find it in the DNS Editor available on the User Interface’s homepage. It mandates that emails for your domain should only come from your Hosting virtual server.
If you want to use another provider for your outgoing messages, you can modify the SPF record with the Edit button.
If you need to add another record, you can use the form above the list of existing ones.
Make sure you pick TXT from the Type drop-down menu and use the correct syntax.