How to properly configure SPF so that there is no spoofing?

A

Arsen2016-08-25 12:14:53

SPF

Arsen, 2016-08-25 12:14:53

Good day everyone!
There is a domain of our company, let's say mydomain.com, through which corporate mail is sent through the provider.net provider (Microsoft Exchange method).
the following SPF record is configured on the domain: v=spf1 a mx ip4:173.xx.xx.x9 include:spf.provider.net -all however this record does not stop attackers from sending spoof emails with our domain in the sender field. We ourselves receive these letters in the Spam folder, it is not known in which folder clients receive. My goal is to ensure that emails with our domain can only be sent from IP addresses we allow and through an ISP, is that even possible?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

D

Dmitry Shitskov, 2016-08-25
@arsabovyan

Recipients should block emails. You can only provide them with authentication methods for your emails, namely SPF, DKIM and DMARC. It is the presence of a DMARC record that indicates what the recipient should do with letters, depending on the policy:
But then again, the processing of all these records is all at the discretion of the recipient's server...

E

Ethril, 2016-08-25
@Ethril

In itself, the presence of an SPF record in a domain (yours looks quite correct) does not prohibit anything to anyone. Each recipient decides for himself what to do if the sender does not comply with the SPF policy. Here you have, for example, a spam filter shifts such letters to the Spam folder. Some of the clients will block at the entrance. Some will ignore...