How Are People Sending Emails from my Own Email Address?
In the email world, people send email from domain name addresses like This email address is being protected from spambots. You need JavaScript enabled to view it. . Every domain name on the Internet that is setup to send/receive email must route to an IP Address. This IP address is setup and controlled in a domain name registrars control panel and your hosting services. An IP Address enables a domain name to route across the Internet for things like a website and or email services. Let’s take the below example.
Domain Name: becomethesolution.com -> IP: 192.168.1.1
Becomethesolution.com is setup to IP Address 192.168.1.1. This IP Address was assigned from an email service, like Zoho. You assign this IP Address to your domain name by logging into your domain name provider control panel.
Awesome. So now, I setup my personal email address on my domain name with Zoho, as an example. I decide to create This email address is being protected from spambots. You need JavaScript enabled to view it. . Now, whenever I send an email from this address, it will actually be coming from IP address 192.168.1.1 but appears to a user as This email address is being protected from spambots. You need JavaScript enabled to view it. . You can find this information when you read email header information.
There’s one issue with this we setup. Spammers, specifically, will exploit the setup we just created by falsifying This email address is being protected from spambots. You need JavaScript enabled to view it. using SMTP (simple mail transfer protocol). Essentially, SMTP allows you to send emails with any email address name behind a domain name. What’s that mean exactly? Well, a spammer will leverage another IP Address and send an email from your domain name address This email address is being protected from spambots. You need JavaScript enabled to view it. ). This creates an email that looks exactly like your email address to be sent to someone else. Not good.
Now, this is where SPF checking comes into play. Sender Policy Framework explicitly defines IP Addresses that are only allowed to send email on behalf of for a domain name. Below is an example of a sender policy framework record.
v=spf1 mx include:zoho.com ~all
You were expecting to see an IP Address(s) in the example above, right? There are. Zoho.com is routing to several IP’s. In the example, our SPF record says only send email from IP’s resolving from zoho.com. An nslookup on zoho.com reveals 2 IP addresses pointing to it right now: 74.201.84.84 & 74.201.155.201. The ~all in the SPF record means if the email does not originate from those IP’s, it will fail to send or receive it.
SPF checking is voluntary and usually setup at the discretion of the email provider or user. Today, however; most organizations (financial institutions) enable this checking due to the increase of phishing and spamming emails.
To enable SPF checking, you must do the following.
- Create an SPF record for your domain name outlined by your email provider
- This is TXT record that is created as Host Record in your domain name provider control panel
- Ensure your email provider enabled SPF checking for receiving email. Likewise, ensure anyone you send email to also have SPF record checking enabled with their provider.
A great tool to lookup any SPF record (or find out if one exists for a domain name) for a domain name on the Internet here.
* Please use the comment form below. Comments are moderated.*
Comments