Skip to content

Home > Announcements > SPF Policy Update & Recommended Actions [2025-03-10]

SPF Policy Update & Recommended Actions

March 10, 2025

We continuously improve our email security measures to protect our users from spoofing and phishing threats. As part of this effort, we have updated our system to enforce stricter SPF (Sender Policy Framework) validation rules.

What’s Changing?

Effective immediately:

  • The “Allow spoof email” option in SMTP settings has been deprecated.
  • Incoming emails with an SPF hard fail (-all) will be rejected.
  • Incoming emails with an SPF soft fail (~all) will be assigned a junk rank score, increasing the likelihood of being marked as spam.

Who’s Affected?

1. Emails from External Domains That Fail SPF Check
Emails sent from external senders or domains that fail the SPF check with a hard fail (-all) will now be rejected. This helps block spoofed emails pretending to be from other domains, reducing spam and phishing risks.

2. Emails Sent from Your Domain That Fail SPF Check
If emails are sent from your domain but through third-party email services, these services must be listed in your SPF record. If they are not included, the emails may be blocked (if SPF is set to strict -all) or marked as spam (if SPF is set to softfail ~all).

3. Users Who Previously Enabled “Allow Spoof Email”
The “Allow spoof email” option in SMTP settings previously allowed users to receive emails sent from their own domain via third-party email servers not listed in their SPF record. To improve security, this option has now been deprecated.
If you previously enabled “Allow spoof email” and your email setup relies on external servers not included in your SPF record, this update may affect email deliverability.

What You Need to Do

Affected parties should review and update their SPF records to ensure proper email delivery. The available options are:

1. Strict Enforcement (-all, recommended): Only allows emails from servers explicitly listed in your SPF record. Emails from unlisted servers will be rejected.

2. Softfail (~all, less strict): Emails from unlisted servers will be marked as suspicious but still delivered (potentially to junk). This offers flexibility but carries a higher security risk.

    How to Update Your SPF Record

    For Our Users

    To update your SPF record:

    1. Log in to the Virtual Office as the avoamster or voadmin user.
    2. Navigate to Profile > Admin > Manage DNS.
    3. Go to the TXT tab, where SPF records are located.
    4. Update your SPF record to include the necessary third-party email servers.

    For more details, please see: How to manage domain configuration

    For External Senders

    If you are an external sender, please consult your administrator to update the SPF record on your end.

    Need Assistance?

    If you have any questions or need help updating your SPF record, feel free to contact our support team.

    This update is a crucial step in strengthening email security while ensuring smooth email delivery. We appreciate your cooperation in implementing these best practices.

    Tags: