SPF: security for your email

To protect your email from cyber attacks, you must be able to identify the sender. This is where a security feature known as SPF comes into play.

In this article we will explain what it is and why you should care about it. Let us begin:

What is SPF?

The Sender Policy Framework is an email security protocol that allows the identity of senders to be verified.

This is divided into two parts:

A DNS TXT/SPF record: indicates which servers are authorized to send emails from a given domain.

The SPF check: the verification done when a message is received, which checks whether the server that sent the message is indeed one that the DNS record marks as authorized.

Therefore, the configuration of the DNS TXT/SPF record allows sending mail to be correctly signed, while the SPF check consists of discriminating received mail.

How does SPF work?

The SPF check checks that the sending server is authorized to send mail on behalf of the domain.

It works at various levels, based on the DNS TXT/SPF record:

1.- Verify that the sender IP is authorized to send emails for that domain.
2.- Verify that the email envelope sender field matches the expected value.
3.- Verify, by means of the HELO/EHLO command, that the hostname given by the server sending the mail is valid.

If the checks do not pass, the email is blocked. Every received email has a header added with the result of the SPF analysis.

Now, how do we find out the IP addresses of the sender’s email server? We do this by checking the SPF record of the sender’s domain name.

SPF record

In cdmon, the default record looks like this:

v=spf1 include:_spf.srv.cat ~all

At first glance, this does not seem to include any IP addresses, but if we analyze it with a specialized tool, it shows the IPs from which a cdmon user can send messages.

This means that if a cdmon user works with the default SPF record, they will be able to send messages from any of these IPs:

46.16.56.0/21
134.0.8.0/21
185.22.200.0/22
185.34.192.0/22
185.42.104.0/22
185.66.40.0/22

If you work with more than one mail service (for example a mailing service such as Acumba or Mailchimp), you will need to add its servers as authorized hosts for sending.

Remember that you can only have a single SPF record, so if you have to make this change, we recommend that you follow the steps indicated in our guide to configure it for mail in the static DNS or follow the instructions in the following video:
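As an added example (not cdmon's code nor part of the original article), here is a small SPF evaluator that walks the record above the way a receiving server does: it expands the include, matches the sender IP against the ip4 networks, applies the ~all qualifier, and rejects a domain that publishes more than one SPF record. The DNS lookups are replaced by a constructed table; that _spf.srv.cat expands to exactly the six networks listed is an assumption made so the example runs offline.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups so the example runs offline (assumption, not
# real resolver output). The cdmon record and the six networks come from the article;
# that _spf.srv.cat expands to exactly these ip4: terms is an assumption.
TXT = {
    "customer.example": ["v=spf1 include:_spf.srv.cat ~all"],
    "_spf.srv.cat": ["v=spf1 ip4:46.16.56.0/21 ip4:134.0.8.0/21 ip4:185.22.200.0/22 "
                     "ip4:185.34.192.0/22 ip4:185.42.104.0/22 ip4:185.66.40.0/22 -all"],
    # Two v=spf1 records on one name: the misconfiguration the article warns against.
    "broken.example": ["v=spf1 ip4:203.0.113.0/24 -all", "v=spf1 include:_spf.srv.cat ~all"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_records(domain):
    """Return the v=spf1 TXT records published for a domain (from the constructed table)."""
    return [r for r in TXT.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]

def check_host(ip, domain, depth=0):
    """Evaluate the sending IP against the domain's SPF policy (ip4, include and all only)."""
    if depth > 10:  # RFC 7208 caps DNS-querying terms at 10 per check
        return "permerror"
    records = spf_records(domain)
    if not records:
        return "none"
    if len(records) > 1:  # more than one SPF record is a permanent error, not "first one wins"
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qual, mech = ("+", term) if term[0] not in QUALIFIERS else (term[0], term[1:])
        name, _, arg = mech.partition(":")
        if name == "all":
            return QUALIFIERS[qual]
        if name == "ip4" and addr.version == 4 and addr in ipaddress.ip_network(arg, strict=False):
            return QUALIFIERS[qual]
        if name == "include":
            inner = check_host(ip, arg, depth + 1)
            if inner == "pass":
                return QUALIFIERS[qual]
            if inner in ("none", "permerror"):  # RFC 7208 5.2: included record missing or broken
                return "permerror"
    return "neutral"  # no term matched and no "all" present

def received_spf(ip, domain):
    """Build the Received-SPF header a receiver adds to record the verdict."""
    return f"Received-SPF: {check_host(ip, domain)} (domain of {domain} checked for {ip})"
```

A sender inside one of the six cdmon networks gets "pass", any other IP gets "softfail" from the ~all term, and a domain with two records gets "permerror" regardless of IP.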

But why do we need email security?

Email is convenient and easy to use, but it’s also open to cyberattacks and other threats. Email security is the way to protect your account and prevent spam emails from others.

This can prevent scams and phishing attacks that can steal your information. Also, knowing the identity of the sender can protect you from spoofed emails and people pretending to be someone else.

With SPF, you can feel more confident that your email account is protected.


Access authentication for teleworking grows 60%

The Duo Security study, part of Cisco, also reveals the increased use of unmanaged devices at the beginning of the pandemic and the evolution towards Cloud applications

Madrid 2020. – Faced with the rapid transition to teleworking, organizations have massively adopted Virtual Private Network (VPN) and Remote Desktop Protocol (RDP) technologies, among others. As a result, the authentication activity for these technologies increased by 60%, accelerating the digitization of companies and administrations.

This is clear from the Duo Trusted Access 2020 Report published by Duo Security, part of Cisco, which analyzes the activity of 26 million corporate devices around the world [i]. The report reveals how the effects of this digital transformation will continue to affect the coming years in the face of the new hybrid work environment that demands connected, safe and productive workers.

And, according to another recent Cisco study, 96% of organizations had to change their cybersecurity policies during confinement. And more than half used multi-factor authentication (MFA) mechanisms for secure access to applications.

Cloud applications and personal devices

Cloud adoption has also accelerated. Daily authentications for applications hosted in the cloud increased by 40% during the first months of the pandemic, as most large and medium-sized organizations sought to ensure secure access to various cloud services.

In fact, Cloud applications are expected to surpass on-premises applications (hosted on local servers) in 2021. Cloud applications make up 13.2% of the total authentications registered by Duo (an increase of 5.4% over 2019). For their part, on-premises applications account for 18.5% of all authentications (a 1.5% drop compared to last year).

As organizations hastily purchased equipment to support remote work, employees were using personal or unmanaged devices. Thus, access attempts blocked due to outdated devices soared 90% in March. This figure fell precipitously in April, indicating that devices are already more secure, reducing the risk against malware.

“When the pandemic started, the priority for many organizations was to stay up and running at all costs, taking the risk to get there,” says Dave Lewis, Global CISO Advisor at Duo Security. “The focus has now turned to mitigating risk through a more mature and modern approach to security, adapted to a completely disrupted corporate perimeter.”

Other notable conclusions are:

The rise of biometrics. Biometric technologies are widely used by business users, paving the way to a password-free future. 80% of mobile devices used for work have the biometric function configured, which represents an increase of 12% in the last five years.
Goodbye, SMS. The prevalence of SIM swapping attacks has led organizations to tighten their authentication schemes. In year-on-year terms, the percentage of organizations that apply a policy to override SMS authentication has almost doubled, from 8.7% to 16.1%.
Windows devices and the Chrome browser dominate businesses. 59% of the devices used to access protected applications run Windows, followed by Mac OSX with 23%. In general, mobile devices represent 15% of corporate access (iOS: 11.4%, Android: 3.7%). In terms of browsers, Chrome accounts for 44% of all browser authentications.
Apple devices, more likely to update quickly. On June 1, both Apple iOS and Android released software updates to patch critical vulnerabilities in their operating system options. Compared to Android, iOS devices were 3.5 times more likely to be updated in the next 30 days.
Windows 7 endures in healthcare. More than 30% of Windows devices in healthcare organizations continue to run Windows 7 – despite the security risks of being an unsupported version – versus 10% in widespread use by Duo customers. The legal requirements and the particular conditions of third-party software providers may influence the failure to update obsolete systems.
UK and EU, behind US in Cloud security. US organizations perform a greater number of user authentications to access Cloud applications, which implies less widespread use of the cloud by British and European companies or a greater proportion of applications not protected by multi-factor mechanisms in the United Kingdom and the EU.

About Cisco

Cisco (NASDAQ: CSCO) is the world leader in Internet technology. Cisco inspires new possibilities by reinventing applications, protecting data, transforming infrastructure, and facilitating collaborative work to move towards a global and inclusive future.