Email Security Best Practices: Using SPF Cybersecurity to Mitigate Malicious Threats

Oren Falkowitz | February 19, 2014 | tag: Security Risk Management

misconfigThe threat from malicious email represents one of the greatest risks to IT security. That threat continued unabated in 2020, especially in the wake of the COVID-19 pandemic. Research indicated that in 2020 the number of nefarious emails increased dramatically, reaching about 1.5 million malicious emails per day during one particularly intense three month period.

One of the best practices to curb this risk is the Sender Policy Framework (SPF), an email validation tool to prevent the sending and receiving of forged messages. When properly configured, SPF cyber security reduces both the likelihood of any domain name being fraudulently used to send malicious emails and the chances that organizations will receive such messages.

The Benefits of a SPF Cyber Security Framework

Several notable 2020 incidents highlighted the benefits of SPF cyber security. The healthcare industry was particularly hard hit; in April, the personal and medical information of more than 100,000 employees and patients of Beaumont Health was exposed in a phishing attack, while a similar incident impacted Magellan Health in May. There were also a seemingly endless series of COVID-19-related phishing emails, not to mention scams around the U.S. elections, economic stimulus payments, and more, delivered to personal and business email addresses. These efforts would have been impossible had SPF records been in place for the senders and checked by the receivers.

Recent years have seen other attacks that have garnered international intention. For example, after having had data from over 100,000,000 consumer credit cards breached, Target Corporation began to offer free credit monitoring services. The emails they sent to consumers seemed suspicious. Questions about the validity of the Target emails were resolved in part by the ability to validate the email sender’s authenticity via SPF.

How the SPF Works

When an organization generates an SPF record in the Domain Name System (DNS) it is identifying which hosts are permitted to send email from their domain. This record allows message recipients to query and determine whether the sending server is authorized to send from a domain. This diagram shows how SPF is verified by the recipient’s mail system.

How the SPF Works

SPF Cyber Security: Simple and Effective

SPF cyber security is a simple and straightforward tool organizations can use to validate the integrity of their messages and reduce the risk of malicious forgeries. Failure to implement a SPF record increases risk across multiple vectors. Indeed, adopting SPF cyber security should be considered a best practice that signals an organization’s overall IT security effectiveness.

* A variety of open-source tools exist to verify the SPF record for your organization:

This blog was updated as of 12/28/2020

Suggested Posts

Mitigating Risk in Your Expanding Digital Ecosystem

As time goes on, organizations are taking on more and more new digital transformation initiatives to become increasingly agile and boost productivity — dramatically transforming the number of digital touchpoints employees interact with...


3 Ways to Ensure Best-in-Class Third Party Cyber Risk Management

An effective third party cyber risk management program both identifies potential threats and finds ways to mitigate them. Organizations should aspire to the highest possible standards when it comes to their security posture. To do so,...


Cyber Risk Should Be A Growing Concern to the Municipal Bond Market

Following an increase in ransomware cyber attacks, most notably May 2017’s WannaCry attack, U.S. public sector entities are starting to see the effects of these attacks on the almost $4 trillion municipal debt market. As a result,...


Get the Weekly Cybersecurity Newsletter.