Email Security Best Practices: Using SPF Cybersecurity to Mitigate Malicious Threats

Oren Falkowitz | February 19, 2014 | tag: Security Risk Management

misconfigThe threat from malicious email represents one of the greatest risks to IT security. That threat continued unabated in 2020, especially in the wake of the COVID-19 pandemic. Research indicated that in 2020 the number of nefarious emails increased dramatically, reaching about 1.5 million malicious emails per day during one particularly intense three month period.

One of the best practices to curb this risk is the Sender Policy Framework (SPF), an email validation tool to prevent the sending and receiving of forged messages. When properly configured, SPF cyber security reduces both the likelihood of any domain name being fraudulently used to send malicious emails and the chances that organizations will receive such messages.

The Benefits of a SPF Cyber Security Framework

Several notable 2020 incidents highlighted the benefits of SPF cyber security. The healthcare industry was particularly hard hit; in April, the personal and medical information of more than 100,000 employees and patients of Beaumont Health was exposed in a phishing attack, while a similar incident impacted Magellan Health in May. There were also a seemingly endless series of COVID-19-related phishing emails, not to mention scams around the U.S. elections, economic stimulus payments, and more, delivered to personal and business email addresses. These efforts would have been impossible had SPF records been in place for the senders and checked by the receivers.

Recent years have seen other attacks that have garnered international intention. For example, after having had data from over 100,000,000 consumer credit cards breached, Target Corporation began to offer free credit monitoring services. The emails they sent to consumers seemed suspicious. Questions about the validity of the Target emails were resolved in part by the ability to validate the email sender’s authenticity via SPF.

How the SPF Works

When an organization generates an SPF record in the Domain Name System (DNS) it is identifying which hosts are permitted to send email from their domain. This record allows message recipients to query and determine whether the sending server is authorized to send from a domain. This diagram shows how SPF is verified by the recipient’s mail system.

How the SPF Works

SPF Cyber Security: Simple and Effective

SPF cyber security is a simple and straightforward tool organizations can use to validate the integrity of their messages and reduce the risk of malicious forgeries. Failure to implement a SPF record increases risk across multiple vectors. Indeed, adopting SPF cyber security should be considered a best practice that signals an organization’s overall IT security effectiveness.

* A variety of open-source tools exist to verify the SPF record for your organization:

This blog was updated as of 12/28/2020

Suggested Posts

The BitSight and Moody's Partnership: A New Era For Cybersecurity

Cybersecurity is one of the biggest threats to global commerce in the 21st century.

By providing data-driven insights into cybersecurity, we can empower the marketplace to make better, risk-informed decisions and create a more secure...


4 Critical Success Factors for Effective Security Risk Management

With the average cost of a data breach in the U.S. reaching nearly $8.6 million, your organization can’t afford to ignore cybersecurity risk. Indeed, the need for security risk management is greater than ever. When cyber risk is managed...


IoT Cybersecurity: How Your Organization Can Tame the Wild West

From sensors on the factory floor to those that guide autonomous vehicles, the Internet of Things (IoT) is transforming how we live and work. Over the coming years, IoT will continue to change our world, with the number of connected...


Get the Weekly Cybersecurity Newsletter.