We’ve all received them in our email inbox – some phony email from an apparently dependable source. Ever have a parent, staff member or student complain that they’re getting bogus emails from your school?
“Forged” emails is not only an irritating issue for those receiving them, but it reflects poorly on your school’s reputation. If the email server is unsecure and prone to such problems, one might wonder what other sensitive information or other aspects of school operations are exposed.
Email, still the most strongest and most popular form of digital communications in schools, unfortunately is a very vulnerable form of communication. With the proper safeguards, however, you can protect your school’s email delivery.
The problem could be more than forged emails from your domain making their way to the email boxes of parents, staff, students or any community member. Your newsletters and email messages could also be getting caught in SPAM filters.
In a previous post, I covered DNS and how schools use it. A key feature of DNS is the option for schools to deploy a SPF record. SPF records are the key to protecting your email from spoofing and being captured by SPAM filters.
Protect your school with SPF
SPF – at least this kind of SPF – has nothing to do with sunblock. SPF stands for Sender Policy Framework. SPF uses a DNS TXT record (Link to other post about DNS, to the TXT definiton) to tell the world who can send email as your domain. Think of SPF as a driver’s license for email servers. Anyone without an SPF is driving illegally, and the email needs to be impounded.
Your school needs an SPF record to stop forgery before it happens. While this SPF won’t block harmful UV rays from the sun, it will offer a great deal of protection for your school. And it’s not greasy to apply.
Setting up SPF for your school
SPF is just one facet of securing email for schools. The great news is SPF records are easy to setup, and I'm going to show you how. Here is a list of items you need to get together before you start:
- Access to your authoritative DNS records (Link to other article on DNS)
- A list of the DNS names for your mail servers. (If you use Google or Office 365, add them in the list below)
- A list of all the domains that send mail for your school. People often forget:
- Email newsletter tools
- Web severs with contact forms
- Anti-spam relays
- Notification systems
- Applications (testing sites, etc)
- Google Apps or Office 365
- PTR records for your email server (if you have them)
Free and easy way to obtain your SPF record
Once you have that list pulled together, there’s a handy wizard that Microsoft provides free of charge. Use this wizard to obtain a properly formatted SPF that you can easily share with your DNS provider or cooperative.
Follow these steps with the SPF wizard:
- Enter the domain you are looking to protect, and click Start
- The tool will look at your current MX records, check if there is a SPF record, and show you the results. Click next.
- Fill out the form with this information:
- Domain Not Used for Sending E-Mail - Do not check the first box if you use this domain to send email.
- Inbound Mail Servers Send Outbound Mail - Check this box, and review the list. Add any missing inbound servers in the box.
- Outbound Mail Server Addresses - Check this box, and add the name or IP address for any other systems, like webforms, internal servers, etc, that send mail as you. One box is for domains or specific domain names, and one is for IP addresses.
- Reverse DNS Lookup - If you have PTR records for your mail servers, enter them here, or just leave it blank.
- Outsourced Domains - This is where you add Google, Microsoft Office 365, or other domains that you outsource email to.
- Default - The options here tell other servers how strict to be about mail not coming from any of the servers listed. I suggest starting at "Discouraged" and seeing how your email flows. Change this to "No" after you feel confident in the SPF record.
- Click next
- Copy the text from the field to somewhere for reference
Now you have a formatted SPF record. If you have a cooperative that hosts your DNS, email them the SPF record text and tell them to add it to your domain as a TXT record. If you manage your DNS, login to your DNS provider, and create a new TXT record. Paste the text from your SPF record into the data field for the TXT record, and submit the update.
Your school just got its first SPF, and hopefully its last forged email.
Testing and maintaining your SPF record
Now that your SPF record is live, let's test our record. Use the SPF lookup tool here. Your SPF record should be automatically added to your DNS.
What do you do when you have updates? Rerun the wizard, add the new servers, and republish the record. It's that simple.
With major online players like Twitter and Google mail investing major resources into insuring security and privacy in their email practices, your school can likewise protect its email with some simple steps.
SPF records help stop fake emails from your school and keep your vital messages from getting caught in SPAM filters. Making the time to run through this quick process will help your school communicate safely via email.
Eric's background as a technical CEO with a big-picture focus brings the experience and vision that both gains the respect of technical audiences, and gets the attention of the progressive school leaders and administrators.