Sophos is a British security software and hardware company that offers a suite of products. It specializes in communication endpoints, encryption, network security, email security, mobile security, and unified threat management. Sophos provides solutions for businesses and consumers to protect against malware, viruses, ransomware, and other cyber threats.
Configuring SPF for Sophos
Sender Policy Framework (SPF) is an email authentication method designed to detect forged sender addresses during email delivery. It allows the domain owner to specify which mail servers are permitted to send emails on behalf of that domain.
Here are the steps to configure an SPF record for Sophos:
- Sign in to your domain’s DNS.
- Find an option that says something like ‘DNS template.’ You will most likely find it under the ‘Tools & Settings’ menu.
- Change the DNS record for SPF as shown below:
yourdomain.com TXT v=spf1 include:_spf.prod.hydra.sophos.com ~all
Please note that if no SPF record exists for your domain, you need to publish the record shown above. If there is already an SPF record, update it as shown below to include Sophos:
Previous SPF record:
v=spf1 include:spf.yourdomain.com -all
Modified SPF record:
v=spf1 include:spf.yourdomain.com include:_spf.prod.hydra.sophos.com -all
- Once done, save the changes.
- Wait 72 hours for the change to propagate across the internet.
Verification
Use an online SPF record checker to verify that your SPF record is correctly formatted and propagated. Tools like MXToolbox, Kitterman, or SPF Checker can help with this. If an issue is detected, fix it as soon as possible to prevent any threat actor from exploiting the vulnerability.
Testing
Send test emails to ensure that emails are delivered properly and not marked as spam. Monitor email delivery and check the email headers to ensure that SPF checks are passing.
Optional configurations for Sophos Email Appliance
If you are using Sophos Email Appliance, ensure it is configured to enforce SPF checks on incoming emails.
- Log in to the Sophos Email Appliance management console.
- Navigate to the policy settings for email filtering.
- Enable SPF checks and configure the desired action for emails that fail the SPF check (e.g., quarantine, reject, or tag).
Follow these best practices
- Don’t add unnecessary and obsolete ‘include’ statements, as they make the SPF record lengthy and difficult to manage. The simpler an SPF record is, the easier it is to troubleshoot.
- Use SPF in conjunction with DKIM and DMARC to ensure 360-degree protection against cyber threats emerging from emails, including phishing, spoofing, and ransomware.
- Stay within the DNS lookup limit of 10. Organizations with complex email infrastructures and many third-party vendors tend to reach this limit quickly, which invalidates their SPF records and leaves an opening for threat actors.
If your SPF record has already exceeded the DNS lookup limit of 10, try our automatic SPF flattening tool. It compiles all resolved IP addresses into a single list, replacing the ‘include’ mechanisms with direct IP addresses.
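The checks described under Verification and the lookup-limit best practice, as an added Python example that is not Sophos's or this page's own code: it audits a domain for exactly one `v=spf1` record, the presence of the Sophos include, and the number of DNS-lookup terms. The `ZONE` data, the function names and the contents of the included records are constructed assumptions so the script runs offline.

```python
# Added example: offline SPF audit. ZONE is constructed sample data, not live DNS.
SOPHOS_INCLUDE = "include:_spf.prod.hydra.sophos.com"  # value given on this page
LOOKUP_LIMIT = 10                                       # the lookup limit of 10
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # RFC 7208, 4.6.4

ZONE = {  # constructed TXT answers; real targets will contain different terms
    "yourdomain.com": ["v=spf1 include:spf.yourdomain.com "
                       "include:_spf.prod.hydra.sophos.com -all"],
    "spf.yourdomain.com": ["v=spf1 mx ip4:192.0.2.0/24 -all"],
    "_spf.prod.hydra.sophos.com": ["v=spf1 ip4:198.51.100.0/24 -all"],
}

def spf_records(domain, zone):
    """Return the TXT strings at `domain` that are SPF records."""
    return [t for t in zone.get(domain, []) if t.lower().split()[:1] == ["v=spf1"]]

def count_lookups(domain, zone, path=frozenset()):
    """Count lookup-consuming terms, following include and redirect targets."""
    records = spf_records(domain, zone)
    if domain in path or len(records) != 1:
        return 0  # loop, missing or duplicate record: nothing more to follow
    total = 0
    for term in records[0].split()[1:]:
        term = term.lstrip("+-~?")  # drop the qualifier, if any
        if term.lower().startswith("redirect="):
            kind, target = "redirect", term.split("=", 1)[1]
        else:
            kind, _, target = term.partition(":")
            kind = kind.split("/")[0].lower()  # "a/24" counts as "a"
        if kind in LOOKUP_TERMS:
            total += 1
        if kind in ("include", "redirect"):
            total += count_lookups(target.lower().rstrip("."), zone, path | {domain})
    return total

def audit(domain, zone):
    """Return a list of problems; an empty list means the record passes."""
    records = spf_records(domain, zone)
    if len(records) != 1:  # more than one SPF record is a permanent error
        return [f"expected exactly one SPF record, found {len(records)}"]
    problems = []
    if SOPHOS_INCLUDE not in records[0].lower().split():
        problems.append("Sophos include is missing")
    lookups = count_lookups(domain, zone)
    if lookups > LOOKUP_LIMIT:
        problems.append(f"{lookups} DNS lookups, limit is {LOOKUP_LIMIT}")
    return problems

if __name__ == "__main__":
    print(count_lookups("yourdomain.com", ZONE), audit("yourdomain.com", ZONE))
```

To run it against a real domain, replace `ZONE` with the TXT answers returned by your resolver for the domain and each include target.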