Test SPF records with a free SPF validator
Sender Policy Framework (SPF) is an email authentication protocol for authenticating email that allows the owners of a domain to publish information that receiving mail servers can check to determine when an email may be forged. But performing an SPF check is only helpful when a domain's SPF record is valid.
Mimecast DMARC Analyzer offers a free SPF validator. By entering your domain into Mimecast's SPF validator, you can immediately receive a report that displays your DNS record and parses your SPF record to identify any potential issues. The Mimecast SPF validator can also pre-validate and update before it is applied to a record to prevent post-update issues. Testing potential updates with an SPF validator is strongly recommended before applying updates to the DNS record.
Try Mimecast's SPF validator now
Improve SPF success with DMARC
SPF email authentication helps to identify and block illegitimate email by enabling domain owners to publish a list of authorized mail servers. This information appears in an SPF record, a line of text within their DNS record. A receiving mail server can use this information to perform an SPF test, comparing the IP address of inbound email to the addresses listed in the SPF record. If the addresses don't match, the email fails to authenticate and can be blocked or quarantined.
The drawback of SPF is that it doesn't catch all threats. It breaks when an email is forwarded, and it can't detect email where attackers have spoofed only the "from" address that recipients see at the top of the message. Also, to be effective, SPF records must be continuously updated with accurate information about authorized mail servers. When this task isn't completed, SPF becomes ineffective.
DMARC (Domain-based Message Authentication, Reporting & Conformance) offers improvements over SPF as well as the DKIM protocol. DMARC actually builds on both protocols, requiring that email pass either or both authentication tests. DMARC also requires that the "from" address is aligned with other address information in the email, and it instructs receiving mail servers on what to do with messages that don't authenticate.
While DMARC significantly improves the level of email security, it can also be difficult to deploy and complicated to manage. That's why so many organizations seeking to implement DMARC choose Mimecast DMARC Analyzer.
Simplify authentication with DMARC Analyzer
Mimecast DMARC Analyzer reduces the time and complexity of implementing DMARC authentication. As a 100% SaaS solution, DMARC Analyzer delivers full insight, visibility and governance across all email channels, enabling you to implement a DMARC reject policy while making sure legitimate email does not get blocked.
DMARC Analyzer offers self-service email intelligence for implementing DMARC policy quickly and easily on the gateway. In contrast to other DMARC solutions that tend to require professional services for successful implementation and management, DMARC Analyzer is designed for simple and effective self-service.
Features include:
- Unlimited users, domains and domain groups for complete coverage.
- A DMARC record setup wizard for quick and simple DNS updates.
- Aggregate reports and charts that are easy to use and analyze for DMARC policy enforcement.
- Forensic reports that help identify and track down malicious email sources.
- Summary reports to track progress over time.
- Enhanced security with two-factor authentication.
- Tools to check DNS changes over time and to configure proactive email alerts that notify administrators when a record changes.
- Options for managed services provided by Mimecast experts with proven deployment and project management expertise.
Mimecast Impersonation Protect and other solutions
DMARC Analyzer can help stop email spoofing based on the illegitimate use of a real domain name. To defend against malware-less attacks that use domain similarity – where a fraudulent domain is almost identical to a legitimate domain – Mimecast offers Impersonation Protect.
Mimecast Impersonation Protect scans all inbound emails in real time to spot the typical signs of impersonation attacks: anomalies in the header, domains that are similar to legitimate domain, domains that have been recently registered, suspicious content in the body of emails and international character sets often used in these kind of attacks.
Additional Mimecast email security solutions include:
- Mimecast Secure Email Gateway, which uses multiple detection engines and threat intelligence feeds to stop sophisticated threats like spear-phishing and zero-day attacks at the gateway.
- URL Protect, which scans links in email on every click to protect users from suspicious and malicious URLs.
- Attachment Protect, which uses multiple inspection analytics to neutralize threats embedded in files attached to emails.
- Internal Email Protect, which scans internal and outbound email to monitor, detect and remediate threats that have landed internally or that originate from within an email system.
FAQs: What is an SPF validator?
What is SPF?
SPF (Sender Policy Framework) is an email authentication protocol used by many companies to help prevent domain spoofing. SPF enables the owner of a domain to publish information in the DNS record about which IP addresses are authorized to send email for the domain.
What is an SPF record?
An SPF record is a line of text in the DNS record that stipulates which mail servers or IP addresses are authorized to send mail. When a mail server receives an email, it can check the SPF record to see if the IP addresses in the email header match the IP addresses in the DNS record, indicating that the message is authentic.
What is an SPF validator?
An SPF validator is a diagnostic test for determining whether an SPF record is valid. When you enter a domain into an SPF validator, it will perform an SPF record check to look up the record and display it, and run a number of tests to see if there are any issues with the syntax of the record or the data in it that might cause problems for email delivery. Mimecast DMARC Analyzer offers a free SPF validator, along with tools for a free DKIM record check and a free DMARC record check.
