Questions tagged [spf]
Sender Policy Framework (SPF) is an email authentication method designed to detect forged sender addresses in emails (email spoofing), a technique often used in phishing and email spam.
89 questions
3
votes
2
answers
592
views
What use is SPF for email security in a cloud / SAAS world
I've just set up sending emails from my domain with Google workspace, and have just learned about SPF, DKIM, and DMARC. I'm wondering, what use is SPF in the modern internet. Probably half the ...
- 41
1
vote
1
answer
151
views
Using "send as" feature with gmail from custom domain not hosted by Google fails SPF and DKIM
I have my personal email address set as a "send as" option on gmail. Let's call it [email protected]. I don't use Google for any services relating to mydomain.com, so I don't have an admin ...
1
vote
1
answer
853
views
Can I use multiple email providers with my website's DKIM, DMARC and SPF?
I'm a software developer, with limited Mail server setup experience, running a little side SAAS on the side where I send emails to my customers. My domain has SPF, DMARC and DKIM setup and I use ...
- 113
3
votes
1
answer
265
views
How to know whether e-mail was spoofed?
I am having a hard time understanding the different methods of e-mail verification. I know about DKIM, SPF and DMARC. If I would like to know whether an e-mail I received actually came from the e-...
- 31
1
vote
0
answers
313
views
Is my DMARC report saying legitmate emails are failing or illegitimate emails are passing? [closed]
I am learning how to improve email deliverability. Along the way, I'm learning about DMARC reports, SPF and DKIM. I have a friend with a small business who said I can practice with this email ...
- 317
6
votes
1
answer
3k
views
Spoofed email sent to me from my email address with SPF/DKIM/DMARC passing
I received an email earlier today on my work email address. The email came from the same address—mine—but I didn't send it.
It was an email claiming that he was a professional hacker who had hacked my ...
- 161
0
votes
1
answer
188
views
How can an email forwarding service send email with a "From" from a domain they don't control, and still pass SPF?
Let's say:
[email protected] sends an email to [email protected].
Bob owns the domain bob.com but doesn't manage an emailing server. Instead he uses an email forwarding service (provided by his registrar /...
- 982
1
vote
1
answer
2k
views
Still able to spoof emails with strict DMARC, SPF and DKIM enabled
Despite setting up strict DMARC, SPF, and having DKIM enabled, I am still easily able to spoof the "From" address. I can easily do this with PHPMailer on my Mac and even with some free 3rd ...
- 111
0
votes
1
answer
338
views
Spoofed forwarded email? Help with analyzing of DMARC report
Why did this email get forwarded successfully? An XML report is below:
I simply cannot understand the delivery status, a transcript follows:
This email has been automatically forwarded. Despite the ...
- 1,747
0
votes
0
answers
661
views
SPF passes but in Gmail, 'Show Original', top section doesn't show SPF: PASS with IP
When I send an email from my HostGator account to my Gmail account, I see in the header spf=pass...
When I paste the header in this tool -> https://toolbox.googleapps.com/apps/messageheader/
It ...
- 1
0
votes
1
answer
433
views
SPF problems using my ISP's SMTP out-bound server
The spf record for my domain is:
v=spf1 a:smtp.(my-isp).com ip4:(my-static-IP) -all
I have recently added smtp.(my-isp).com to the spf record.
I have sent some test emails to gmail where the outgoing ...
2
votes
1
answer
379
views
Spoofed email: whose fault is it?
My relative received an email from a bill they were expecting to pay. So they paid said bill.
Only problem is: it was a spoofed email, and the real bill only came in later.
I checked the email on the ...
- 135
1
vote
1
answer
386
views
How do SPF and DKIM work together prevent spoofing?
I'm trying to understand how SPF and DKIM can be used to prevent email spoofing. One of the things I find confusing is that the SSID/AUID of a DKIM signed message can be different from both the ...
- 113
3
votes
0
answers
2k
views
DKIM/SPF What does it mean when policy_evaluated fails but auth_results passes?
I am trying to get the DKIM and SPF settings correct for a client who uses both GSuite and WordPress to send her emails.
I added this dmarc: v=DMARC1; p=none; rua=mailto:l***@******ney.com; fo=1; ...
- 31
2
votes
2
answers
840
views
Flattening an SPF record - drawbacks and downsides?
I have an SPF record that has too many DNS lookups. Consequence is some mail servers will silently drop emails; RFC7028 says that over 10 lookups:
SPF implementations MUST limit the total number of ...
- 522