Sender Address Forgery

Today, nearly all abusive e-mail messages carry a fake sender addresses. The victims whose addresses are being abused often suffer from the consequences, because their reputation gets diminished and they have to disclaim liability for the abuse, or waste their time sorting out misdirected bounce messages.

You probably have experienced one kind of abuse or another of your e-mail address yourself in the past, e.g. when you received an error message saying that a message allegedly sent by you could not be delivered to the recipient, although you never sent a message to that address.

Sender address forgery is a threat to users and companies alike, and it even undermines the e-mail medium as a whole because it erodes people's confidence in its reliability. That is why your bank never sends you information about your account by e-mail and keeps making a point of that fact.


The Solution: SPF

The Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery. 

SPF allows the owner of a domain to specify which mail servers they use to send mail from their domain. Firstly the domain owner publishes this information via an SPF entry in the domain's DNS records, then when someone else's mail server receives a message claiming to come from that domain, the receiving server can check whether the message comes from a server specified in the DNS records for that domain.


What does this mean in relation to OpenCRM?

If you are using OpenCRM to send emails then you will not be using your own email server to do so. Emails sent from OpenCRM will be sent through our server infrastructure. In order to ensure that emails sent in this way are recognised as genuine by the recipient you need to include the OpenCRM server as an allowed sender for your Domain with an SPF record. 


What should I do now?

It is strongly recommended you conduct your own research and are confident about the changes required before altering your DNS records.

  • The following tools can help guide you through creating an SPF record; however, you should first ensure you understand the terminology and options available: https://spfrecord.io/ and https://mxtoolbox.com/SPFRecordGenerator.aspx
  • Once you have created and set-up your SPF record you need to ensure it is working correctly. Mail Tester provides an email verification tool to test whether your SPF record is working. 
  • https://mxtoolbox.com/SuperTool.aspx# and https://secure.fraudmarc.com/tool/spf will run some automated checks on your SPF record and advise of any issues they find.

If OpenCRM is responsible for the management of your domain we can assist in setting up an SPF record for you, if your domain is hosted by another provider then you should contact them directly if you require further help in setting up an SPF record.


AnchorI'm ready to set up my SPF record

Your SPF record is published as a TXT Record in your DNS. The end goal of updating your SPF Policy is to include this phrase: include:spf1.opencrm.co.uk.

If done correctly, this will help your recipients to identify emails sent from OpenCRM as genuinely being sent from you. If you are not sure how to set up your SPF record you should contact the person who manages your domain.  Incorrectly configuring your SPF policy will result in all of your emails landing in your recipients Spam folders, or not arriving at all.  Because of this, we strongly recommend either escalating this task to your IT Manager, or consulting with your DNS host.  This is most likely the company from whom you purchased your domain name.

Please see this guide for updating your SPF record for OpenCRM: SPF For OpenCRM


Need More Help?

If you have any questions, just start a Live Chat, "Click" on the Chat Icon in the lower right corner to talk with our support team.