SPF check
From now on, and as one more step in cdmon's effort to comply with the MECSA standard, we have implemented SPF checking for all incoming mail.
This is a tool that analyzes all mail that reaches your account to validate its origin, which is done through the SPF record associated with the sender email domain. When any email is received, it checks that the IP address of the sender's server matches the SPF record associated with the domain from which the email is being sent. This way, we ensure that the received message comes from a server that is allowed to send that email.
You can view the status of this protection in the Configure email section within the Control Panel, under Email authentication:
More information about the MECSA standard: https://mecsa.jrc.ec.europa.eu/es/technical#spf
What is the benefit of this origin validation?
It has a clear impact against phishing, since any attempt to send an email impersonating another user and another domain (the well-known spoofing where the FROM field of an email is forged to impersonate the sender's identity) will be rejected because it is not being sent from the authorized server for that domain.
What is phishing? – by INCIBE: https://www.youtube.com/watch?v=uhzV5-iFb5E
Does it have any effect in case of email account theft?
This does not apply in the case of hacking / account theft, having access to the sender's email account, or even having access to the server enabled to send emails for that email account, since in all these cases the emails would be sent from the legitimate account or through the server enabled for it.
What else should I keep in mind?
It is important to distinguish between SPF checking (for incoming mail to our servers) and the SPF record found in the DNS, which has an impact on sending email.
If you already have the SPF record enabled, you will not need to do anything else. You can check its status in the Configure email section within the Control Panel.
If you do not have the SPF record enabled, you can enable it and the default SPF will be configured:
v=spf1 include:_spf.srv.cat ~allIf you have third-party services managing your email, you must follow the instructions of that third-party service to add their service to your SPF.
Remember that you should only have a single TXT record for SPF in the DNS configuration.
Below, we describe some cases in which it is necessary to modify the SPF configuration.
Cases where additional configuration is required to continue sending emails correctly
If using an external antivirus service for email: If you use an external antivirus service to analyze your email, you will need to enter the IP ranges of the external antivirus service in your SPF configuration.
If using an external Newsletter sending service: If you use a service such as MailChimp or Acumbamail for bulk sends, they will tell you how to add their servers to your SPF record.
If using Gmail as your email manager: If you use our guide to configure email in Gmail, you will need to add Google to your SPF configuration (include:_spf.google.com).
Below, you have a video about how to add an external provider to your SPF record:
You can also follow the steps in our guide about the SPF record:
Check whether your SPF is configured correctly
Try sending yourself an email from your own account. If you receive it, the SPF is configured correctly. If you do not receive it, you will need to review your SPF record configuration and add any external services you may be using.
Related Articles
What is and how to activate the SPF Register
To improve the reputation of emails and allow receiving providers to verify that they are legitimate emails, you can enable an SPF record. The SPF record determines which mail servers and domains are allowed to send email on behalf of your domain. It ...Returned or rejected emails: Causes and how to review them
When you send emails from your website or server, some of them may be returned or rejected. This can happen for various reasons, such as an incorrect email address, a spam filter, a full inbox, among others. In this guide, we explain the most common ...How to follow good guidelines when sending email
When sending emails, it is good to follow a series of guidelines that improve the quality of the messages sent and help avoid ending up on SPAM and "junk mail" lists. 1.-Split up your mailings If you are sending a bulk mailing, it is recommended to ...How to set up email authentication
Email authentication is essential to prevent phishing, identity spoofing, and other types of cyberattacks that could compromise the security of your email. In this tutorial, we will guide you through a few simple steps to configure and manage the ...How to test the operation of the mail service
To check whether email accounts send and receive mail correctly, you can perform a send and receive test from the "Account management" section of the cdmon Control Panel. To do this, follow these steps: 1.-Hosting email management Access the Manage ...