Back

Create and iterate an SPF record for email authentication

Create and iterate an SPF record for email authentication

Create and iterate an SPF record for email authentication

Status: Live
Published: 02/07/2021
Security level: Official
Amended / Internally developed: No
Live on platform: 23/06/21
Retired on platform:
Target Audience: Technical / General
Authoring body: National Cyber Security Centre (NCSC)
Grading: no grading applied
Guidance
Abstract

This document provides guidance on how to create and iterate a Sender Policy Framework record, which is a system of email authentication.

SPF works by providing domain owners a way to publish a list of the IP addresses which should be trusted for a given domain. A receiving email service can then check that a sending email service has an IP address which appears in the sender's published list.

If the IP address appears in the list of acceptable IPs, the receiving email service will forward the email to the recipient's inbox. If the receiving email service cannot confirm the IP address is valid, then it marks the email in accordance with the DMARC policy you have implemented on the domain the email is being sent from.

Download attachments:

Web capture_2-6-2021_151533_www.ncsc.gov.uk.jpeg

Link: https://www.ncsc.gov.uk/collection/email-security-and-anti-spoofing/create-and-iterate-an-spf-record 
Tag: network email dns identity access management
Category: Security