How to stop scammers spoofing your email address
This is less of an issue today than it was 5 years ago due to the spam fighting efforts of many providers, but still comes up from time to time – Email spoofing.
Email spoofing is where a scammer set’s their bulk email tool to put your email address (or a made up one with your domain) in the email’s “From” field. The email isn’t literally coming from you, as they’d need your logins for that, but the recipient will see that it came from you and so this scam can be very powerful if done correctly. When I worked for Yeovil & Poole Audi, I once used it to my advantage for a marketing campaign with the senders permission and received a 91% response rate! Fortunately the scammers normally have very poor English and so it’s not so successful for them…
What is an SPF records
An SPF record is a short piece of text you can add to the “DNS” records of your domain name. It tells mail systems how to handle emails from your domain. For example what servers are allowed to send emails from your domain. You can manage your DNS records in the control panel of your domain name provider. There are other initiatives to provent email spoofing (Sender ID, DKIM, and DMARC) but in this article we’ll focus on SPF records as they are easy and effective.
How to set your SPF record
This is a mid-difficulty fix – please seek technical help if any of this seems scary.
An SPF record is added to your domains DNS as a “TXT” record and a typical value looks like:
TXT @ “v=spf1 a include:_spf.google.com ~all”
The “v=spf1” bit tells us it is an SPF record
The “a” allows servers listed in your “A” records to send email (normally recommended)
The “include:” adds permission for the servers named
The “~all” tells mail servers that this list is all inclusive and no other servers are allowed to send emails
Interestingly enough the ~ is a value all in itself. It tells you that the email should soft-fail if the rules. Replacing with a – is risky but stronger bouncing all emails that don’t pass the test.
If the above sounds confusing – good, because SPF records always have for me too. Have no fear – there’s an awesome generator here: spfwizard.net
Enter your details in the generator and it’ll give you the record you need 🙂
If you get stuck, get in touch and we’ll help you get it sorted.