SPF only makes sense when you have a rigid “hardfail” policy in place, because only in this scenario will the receiving mail servers discard an email that is spoofed. Of course, switching your policy to hardfail can falsely block many legitimate users and have severe consequences when your SPF record is incomplete or would actually require constant changes. With SPF Guru though, we ensure that your security requirements and business needs are no longer in conflict by offering a reliable way to know who is sending emails on behalf of your domains and helping you maintain an accurate and complete SPF record.
Even if you have a “hardfail” policy in place and a well-maintained authorized sender list, your Sender Policy Framework record may still be ineffective. Either through simple human error— a single space character in the wrong place will make your SPF record invalid on syntax grounds—or through technical limitations, such as taking more than 10 DNS queries to resolve your SPF record. You can learn more about the 10 query limit in SPF under SPF Management.
But let's imagine your record is formally correct and you consistently avoid all these pitfalls. How do you ensure that you have not forgotten one of the providers sending email on your behalf? Clearly, it’s better to be proactive than wait for customers to complain or orders to be missed.
SPF Guru focuses not just on maintaining your SPF record but also on recording who is sending emails on your behalf in real time. It’s not even necessary to route all your emails via our servers. Instead, we facilitate the DNS requests that the receiving mail server is sending to verify the authenticity of the sender. The log contains the email address in the FROM field, the IP address of the sender and the IP address of the receiving mail server.
We enrich this log data with detailed meta information about the sender and recipient, for example whether the sender is a known spam source or which domain these IP addresses belong to. We also log whether that IP address was authorized at that given point in time. This combined data allows the most comprehensive insight into the operation of your email service landscape as possible. We can identify not only large volume senders from unauthorized IP addresses, but even small and carefully targeted spam or phishing campaigns attempting to exploit one of your domains. We can even show providers that are authorized but have not been sending emails for a while, as well as identify which of your legitimate mail servers have unknowingly been put on spam blacklists.
Privacy is more than a desirable feature, but an absolute requirement in today's digital world. That is why SPF Guru has woven stringent data protection protocols into every aspect of our service from the ground up. One of the most common concerns is that the Sender Monitoring feature is potentially collecting email addresses. We only record the email address of senders, since those carry your domain and not the recipient address. Still, even that record can be changed to include only the domain name, if requested, to protect privacy.