Using the Sender Policy Framework (SPF) to prevent accidental spoofing detection

The Sender Policy Framework (SPF) is an email authentication method designed to prevent spoofing. Specifically, it checks whether the mail server that sent the email is authorized to do so from the email sender’s domain.

If you do not follow the steps outlined in this article, it is likely that SPF will mark some of SoSafe’s simulated phishing mails as phishing or spam. Assembling the entry you need to add only takes a few simple steps:

1. All SPF entries start with v=spf1

2. Open the SoSafe Manager and go to Settings / Whitelisting. Select SoSafe mail servers to get a list of mail servers that are being used. You must add the IP v4 and IP v6 addresses as such:

   1. ip4:xxx.xxx.xxx.xxx (e.g. ip4:192.168.0.1)

   2. ip6:y:y:y:y:y:y:x.x.x.x (e.g. ip6:2001:0db8:85a3:0000:0000:8a2e:0370:7334)

3. The IPs are followed by an include tag for SoSafe: include:spf.sosafe.de

4. Finally, you should close your entry with the -all tag. This tag is critical as it indicated which of the following policies will be applied:

   • -all: Fail - Servers not listed in the SPF entry will not be allowed to send emails (non-compliant emails will be rejected)

   • ~all: Softfail - If the email is received from a server that is not listed, the email is marked as softfail (emails are accepted but marked)

   • +all: This will allow any server to send emails from this domain. We strongly recommend not using this option!

Example SPF entry:

v=spf1 ip4:192.168.0.1 ip6:2001:0db8:85a3:0000:0000:8a2e:0370:7334 include:spf.sosafe.de -all

Attention: Please note that your SPF entry must not be longer than 255 characters and must not contain more than 10 include tags, also called "lookups". Please note that the "nested lookups" also count. If an entry has an A and MX lookup, both count as lookups for your domain.