web design poole

How to stop scammers spoofing your email address

This is less of an issue today than it was 5 years ago due to the spam fighting efforts of many providers, but still comes up from time to time – Email spoofing.

Email spoofing is where a scammer set’s their bulk email tool to put your email address (or a made up one with your domain) in the email’s “From” field. The email isn’t literally coming from you, as they’d need your logins for that, but the recipient will see that it came from you and so this scam can be very powerful if done correctly. When I worked for Yeovil & Poole Audi, I once used it to my advantage for a marketing campaign with the senders permission and received a 91% response rate! Fortunately the scammers normally have very poor English and so it’s not so successful for them…

What is an SPF records

An SPF record is a short piece of text you can add to the “DNS” records of your domain name. It tells mail systems how to handle emails from your domain. For example what servers are allowed to send emails from your domain. You can manage your DNS records in the control panel of your domain name provider. There are other initiatives to provent email spoofing (Sender ID, DKIM, and DMARC) but in this article we’ll focus on SPF records as they are easy and effective.

How to set your SPF record

This is a mid-difficulty fix – please seek technical help if any of this seems scary.

An SPF record is added to your domains DNS as a “TXT” record and a typical value looks like:

TXT @ “v=spf1 a include:_spf.google.com ~all”

The “v=spf1” bit tells us it is an SPF record

The “a” allows servers listed in your “A” records to send email (normally recommended)

The “include:” adds permission for the servers named

The “~all” tells mail servers that this list is all inclusive and no other servers are allowed to send emails

Interestingly enough the ~ is a value all in itself. It tells you that the email should soft-fail if the rules. Replacing with a – is risky but stronger bouncing all emails that don’t pass the test.

SPF Generator

If the above sounds confusing – good, because SPF records always have for me too. Have no fear – there’s an awesome generator here: spfwizard.net

Enter your details in the generator and it’ll give you the record you need 🙂


Need help?

If you get stuck, get in touch and we’ll help you get it sorted.

Chris Ryu "Chameleon"

Chris has been a developer for over 15 years. Known for his unique experience crosses over many fields.

Get a Quote

Test out our instant price calculator!

Get A Price In Seconds
NHS Audi Vitality Mind
Dorset Council Dorset Chamber Gillingham Chamber of Commerce Theo Paphitis retail group
Apple Developer Google Partner Amazon Web Services Ionos Platinum Partner