(609) 252-1155


SPF Records and why you should care.

Why can’t people send me email!?

A common complaint from our clients is that our SPAM filter is blocking incoming email from john.smith@smallbusiness.com who “we work with all the time”.  Occasionally the email in question is flagged as SPAM, rightfully so or not.  However, more often the message is flagged due to a Sender Policy Framework (SPF) violation.  This is not a problem with your email or the SPAM filter, but a problem with the sender’s email system.


What is SPF?

In short, the SPF is a system for ensuring that email messages actually come from the server they say they do.  Let’s think about SPF in terms of “old fashioned” letters.  Say you get a letter from your Great Aunt Edna asking for cash so she can buy a new sweater for her dog.  Leaving aside Edna’s poor fashion sense and that you haven’t heard from her in 25 years, you might first look at the return address on the envelope to make sure it was actually from her.  The return address (reply to email address) checks out but you can write anything you want there.  So next, you take a look at the post mark.  Why is a letter from Edna, who lives in Florida, post marked as being mailed from South Dakota? 

This is what the SPAM filter is doing when it checks the SPF record.  It looks at the IP it got the email message from, and compares it to where smallbusiness.com says its email should come from.  If the IPs don’t match, or smallbusiness.com doesn’t have an SPF record, the message is rejected.


Why is SPF validation important?

SPF validation prevents email spoofing; it ensures that when a message says it came from trackinginfo@ups.com, that’s really where it came from.  Email spoofing attacks are on the rise.  Even within small companies, we have seen attempts for an outside agent to pretend to be the CEO and ask for funds to be transferred.  Unless the CEO’s email account is compromised, this attack is immediately thwarted by SPF validation.


How do we fix it?

The easiest solution to an email being rejected due to SPF validation is to add the address or domain in question to the filter’s whitelist.  However, this is bad policy as it opens you up to attacks if smallbusiness.com is compromised.  And frankly, if smallbusiness.com  doesn’t have the IT resources to have a proper SPF record, the odds are good that they don’t have proper Anti-Virus/Anti-Malware/etc. protection.  Therefore, in order to protect your business properly, the responsibility to fix this issue really lies with smallbusiness.com.  Odds are ours is not the only SPAM filter blocking their emails.  The rejection may be silent so they are not even aware their messages are not going through.  The first thing to do when an email is rejected is to log into the SPAM filter.  From there you check the reason the message was flagged, review the content of the message, and choose to allow its delivery.  If the message was flagged as SPAM, it’s likely a one-time issue and future messages should pass through the filter.  However if the message is flagged due to SPF validation, you should reach out to the sender and let them know their IT department needs to resolve the issue. 


More Information

If you need assistance logging into your SPAM filter, don’t hesitate to reach out to support@gear3.com or give us a call (609) 252-1155.  Furthermore we’d be happy to work with other companies or their IT staff to resolve these issues so we can make sure that everyone’s email has the best protection possible.

Why a Firewall is important for your business

Intrusion Detection and Prevention – Comprehensive real-time protection against exploits, threats, and vulnerabilities

Advanced Threat Detection – Dynamic analysis of malware programs and documents with embedded exploits

Malware Protection – Shields the internal network by scanning web content, emails, and file transfers

With Gear 3’s Managed Anti-Virus, our AV monitoring and alerting infrastructure along with our technicians will ensure your workstations and servers are protected.

5 Steps to prevent Crypto Virus Ransomware

Just like any virus, CryptoWall directly infects the host computer, connects to servers, uploads personal info such as your location, IP address, and your systems information, while it generates an encryption key. Once the virus has generated a key, it uses it to create encrypted versions of your files while deleting the originals. It can do this to files on your local system as well as shared files on the network. Some variants can even encrypt cloud files and delete backups! All that’s left behind are randomly named encrypted files, and instructions on how to pay the ransom to restore your files.

5 Ways to Defend Your Business from CryptoWall Attacks

1. Have a trusted IT professionals at Gear 3 assess the security of your systems.
2. Implement a sound disaster recovery plan.

3. Do not open ANY email or attachment from ANY sender you don’t recognize.

4. Validate ANY link in ANY unfamiliar email before clicking on it.

5. Do not add unknown systems on your network without consulting with Gear 3 Technologies
With constant updated security measures and persistence, threats like CryptoWall can be minimized. Accidents can happen, which is why a implementing a strong backup plan is critical for your business.