Use Red Sift's SPF Checker tool to look up your SPF setup and check for potential impact by SubdoMailing, determining if any poisoned includes are present in your SPF configuration in seconds.
SPF stands for Sender Policy Framework. It’s an email authentication protocol that acts as a whitelist, outlining the senders authorized to send emails on your behalf. Its aim is to prevent email forgery.
SPF stands for Sender Policy Framework. It’s an email authentication protocol that acts as a whitelist, outlining the senders authorized to send emails on your behalf. Its aim is to prevent email forgery.
The SPF tree visualization provided by the SPF Checker illustrates each step of SPF record resolution, showing how each mechanism is evaluated and whether it results in a pass, fail, or neutral outcome. This visualization helps users understand the hierarchy of SPF mechanisms and identify potential issues or misconfigurations within the SPF record.
On Feb 27th, 2024, researchers at Guardio discovered a massive email ad fraud campaign based on thousands of hijacked domains and subdomains. You can read more about the SubdoMailing attack and how to protect yourself here.
The Red Sift SPF record check tool detects if your SPF record contains compromised includes that leave your domain open to spoofing attacks. The dynamic visualization of the SPF tree allows you to highlight where the poisoned includes exist. If compromised includes are discovered, we recommend you remove these entries from your SPF record immediately.
Running an SPF check on your domain's SPF configuration ensures that it is correctly set up to authenticate emails sent from your domain, reducing the likelihood of your emails being marked as spam or being rejected by recipient servers.
Depending on the SPF configuration of the specified domain, information messages are displayed with the option to "highlight in SPF tree".
Yes, the SPF Checker can identify errors in nested includes from third-party records by analyzing each included SPF record within the hierarchy. This allows users to detect and address issues in third-party SPF configurations that may impact their own domain's email authentication.
You can access your domain's SPF record by querying the DNS records for your domain using tools like nslookup or dig. Alternatively, you can use online SPF lookup tools or access the DNS management interface provided by your domain registrar or hosting provider.
A void lookup occurs when a mechanism in the SPF record results in a DNS query that returns no result, indicating a misconfiguration or an invalid entry. Void lookups can lead to SPF authentication failures and should be addressed to ensure the integrity of the SPF configuration.
Syntax errors in an SPF record can be fixed by reviewing the SPF syntax guidelines and ensuring that the record is correctly formatted. Common syntax errors include missing or misplaced mechanisms, invalid characters, and incorrect spacing. Once identified, syntax errors can be corrected using the DNS management interface provided by your domain registrar or hosting provider.
SPF mechanisms are components of an SPF record that specify which mail servers are authorized to send emails on behalf of a domain. Mechanisms include IP addresses, domain names, and qualifiers that define how the mechanism should be interpreted. By configuring appropriate mechanisms in the SPF record, domain owners can control which mail servers are allowed to send emails using their domain name, thereby enhancing email authentication and security.
“SubdoMailing,” or subdomain-based emailing, is an advanced attack method that takes advantage of blind spots in DMARC enforcement. By sending messages from legitimate-looking subdomains that pass authentication checks, cybercriminals can convincingly spoof trusted organizations and mislead recipients.
Using this guide, learn about:
