--- title: "The UK’s Central Digital and Data Office Solved a Unique Problem with Sender Policy Framework | AutoSPF" description: "AutoSPF · The UK’s Central Digital and Data Office Solved a Unique Problem with Sender Policy Framework In 2022." image: "https://autospf.com/og/blog/uks-central-digital-data-office-solved-problem-with-sender-policy-framework.png" canonical: "https://autospf.com/blog/uks-central-digital-data-office-solved-problem-with-sender-policy-framework/" --- Quick Answer AutoSPF · The UK’s Central Digital and Data Office Solved a Unique Problem with Sender Policy Framework In 2022, the Securing Government Services team at the Central Digital and Data Office came across an interesting problem with SPF. The team found a small bug with how UK government domains’ administrators managed the Sender Policy Framework or SPF records. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fautospf.com%2Fblog%2Fuks-central-digital-data-office-solved-problem-with-sender-policy-framework%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=The%20UK%E2%80%99s%20Central%20Digital%20and%20Data%20Office%20Solved%20a%20Unique%20Problem%20with%20Sender%20Policy%20Framework&url=https%3A%2F%2Fautospf.com%2Fblog%2Fuks-central-digital-data-office-solved-problem-with-sender-policy-framework%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fautospf.com%2Fblog%2Fuks-central-digital-data-office-solved-problem-with-sender-policy-framework%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fautospf.com%2Fblog%2Fuks-central-digital-data-office-solved-problem-with-sender-policy-framework%2F&title=The%20UK%E2%80%99s%20Central%20Digital%20and%20Data%20Office%20Solved%20a%20Unique%20Problem%20with%20Sender%20Policy%20Framework "Share on Reddit") [ ](mailto:?subject=The%20UK%E2%80%99s%20Central%20Digital%20and%20Data%20Office%20Solved%20a%20Unique%20Problem%20with%20Sender%20Policy%20Framework&body=Check out this article: https%3A%2F%2Fautospf.com%2Fblog%2Fuks-central-digital-data-office-solved-problem-with-sender-policy-framework%2F "Share via Email") ![AutoSPF blog post image](https://media.mailhop.org/autospf/images/2024/03/multiple-spf-records.jpg) [AutoSPF](https://soundcloud.com/autospf "AutoSPF") · [The UK’s Central Digital and Data Office Solved a Unique Problem with Sender Policy Framework](https://soundcloud.com/autospf/the-uks-central-digital-and-data-office-solved-a-unique-problem-with-sender-policy-framework "The UK’s Central Digital and Data Office Solved a Unique Problem with Sender Policy Framework") In 2022, the [Securing Government Services team at the Central Digital and Data Office](https://technology.blog.gov.uk/2022/07/11/solving-an-interesting-problem-with-sender-policy-framework-records/) came across an interesting problem with SPF. The team found a small bug with how UK government domains’ administrators managed the [Sender Policy Framework](/blog/what-is-spf-email-a-guide-to-sender-validation-technology/) or SPF records. SPF is an [email authentication protocol](/spf-too-many-dns-lookups/spf-lookup/) that ensures only emails sent from trusted and authorized IP addresses land in the primary inboxes of desired recipients; all suspicious emails either get marked as spam or [bounce back](https://woodpecker.co/blog/why-emails-bounce-10-most-common-issues/). So, if exampledomain.gov.uk uses Microsoft Outlook to send emails, an official in charge has to create a TXT record in its DNS to specify all IP addresses allowed to send emails on their behalf. This propagates the information across the internet that if an email is purported to be sent from exampledomain.gov.uk, it should be considered authorized and non-malicious only if it has been sent from the Outlook server from one of the IP addresses enlisted in the [SPF record](/explaining-sender-policy-framework-spf-macros/spf-record-syntax/). This prevents adversaries from impersonating officials and [sending out fraudulent emails](https://cointelegraph.com/news/coordinated-crypto-investor-phishing-campaign-email-alert). ![DNS attack](https://media.mailhop.org/autospf/images/2024/03/multiple-spf-record-3.jpg) The impact of a DNS attack ## How was the Problem Discovered? The security team noticed that an SPF record had no misconfigurations, yet it was being marked as invalid, risking the protection of officials and citizens. The SPF record under observation was this- ``` "v=spf1 include:example.com include:spfprotectionoutlook.com -all" ``` So, to begin with, the team performed a simple conformance check to see if the record was written in the correct syntax. And yes, it was written correctly. Next, they evaluated the included domains by performing [DNS lookups](/spf-too-many-dns-lookups/) and found the problem. They discovered that the second domain was spelled incorrectly. So, when they performed a DNS lookup on that domain, it returned [an error - NXDOMAIN](https://www.cloudns.net/blog/what-is-nxdomain/). T\_his [SPF permerror](/spf-too-many-dns-lookups/permerror-spf-permanent-error-too-many-dns-lookups/) error caused a misinterpretation of the domain’s published SPF record, making it invalid\_. Earlier, they were under the impression that a partially matching set of ‘includes’ still validates and that the overall SPF record would be valid. However, they realized it wasn’t the case after rereading the [specifications](https://datatracker.ietf.org/doc/html/rfc7208). ![Email server](https://media.mailhop.org/autospf/images/2024/03/multiple-spf-records-4785.jpg) ## How Do You Fix the Issue? The problem was resolved by correcting the spelling of the incorrect domain; however, they still don’t know if threat actors exploited it. What they learned from this was that someone should regularly audit domain names in SPF records, as they can be misspelled or expired. Also, it’s good to check using different mail servers as they work on various algorithms and may show other results. When an SPF record is deemed invalid, it compromises the effectiveness of this security measure, leaving the email domain susceptible to unauthorized use and potential [exploitation by malicious actors](https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060b). An invalid SPF record can result from syntax errors, outdated information, or improper configuration. Maintaining a [valid SPF record](/spf-validation-failed-meaning-and-troubleshooting-methods/invalid-spf-record/) is essential for ensuring that email recipients can trust the authenticity of messages originating from a particular domain. A valid SPF record enhances email deliverability, reduces the likelihood of emails being marked as spam, and bolsters overall [cybersecurity](/blog/ai-automation-is-enabling-cisos-to-be-quick-and-accurate/). Therefore, it is imperative for organizations and domain owners to regularly update and validate their SPF records to uphold the integrity of their email communication and fortify their [defenses against phishing](/generative-ai-and-phishing-threats/spf-record-example/) attempts and other [email-based threats](https://www.geeksforgeeks.org/types-of-email-attacks/). Reach out to [AutoSPF](/) for any inquiries related to SPF Records. ## Topics [ email security ](/tags/email-security/)[ SPF ](/tags/spf/)[ SPF Permerror ](/tags/spf-permerror/)[ SPF record ](/tags/spf-record/) ![Brad Slavin](https://media.mailhop.org/autospf/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead for AutoSPF's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Ready to get started? Try AutoSPF free — no credit card required. [ Book a Demo ](/book-a-demo/) ## Related Articles [ Foundational 17m 10 Reasons The SPF Standard Is Essential For Protecting Your Domain Nov 20, 2025 ](/blog/10-reasons-the-spf-standard-is-essential-for-protecting-your-domain/)[ Foundational 4m 7 Myths and Misconceptions about Sender Policy Framework May 31, 2024 ](/blog/7-myths-and-misconceptions-about-sender-policy-framework/)[ Foundational 6m AutoSPF’s Complete Guide: How to Add an SPF Record in Namecheap Dec 17, 2025 ](/blog/autospf-complete-guide-to-adding-an-spf-record-in-namecheap/)[ Foundational 7m Best Free SPF Checker Tools in 2026: Detailed Comparison Mar 26, 2026 ](/blog/best-spf-checker-tools-free-2026/) ```json {"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138897474","https://www.linkedin.com/company/autospf","https://x.com/autospf01","https://www.g2.com/products/autospf/reviews"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://autospf.com/contact-us/"},"knowsAbout":["SPF Record Flattening","Sender Policy Framework","Email Authentication","DNS Management","DMARC","DKIM"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"AutoSPF","url":"https://autospf.com","description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","publisher":{"@type":"Organization","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"The UK’s Central Digital and Data Office Solved a Unique Problem with Sender Policy Framework","description":"AutoSPF · The UK’s Central Digital and Data Office Solved a Unique Problem with Sender Policy Framework In 2022.","url":"https://autospf.com/blog/uks-central-digital-data-office-solved-problem-with-sender-policy-framework/","datePublished":"2024-03-07T18:42:08.000Z","dateModified":"2026-04-18T02:36:41.000Z","dateCreated":"2024-03-07T18:42:08.000Z","author":{"@type":"Person","@id":"https://autospf.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://autospf.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind AutoSPF, DMARC Report, Phish Protection, and Mailhop. He founded DuoCircle in 2014 to solve the SPF 10-DNS-lookup problem at scale and has led the company's growth to 2,000+ customers. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement) rather than hands-on DNS engineering.","image":"https://media.mailhop.org/autospf/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"AutoSPF","url":"https://autospf.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138897474","https://www.linkedin.com/company/autospf","https://x.com/autospf01","https://www.g2.com/products/autospf/reviews"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://autospf.com/contact-us/"},"knowsAbout":["SPF Record Flattening","Sender Policy Framework","Email Authentication","DNS Management","DMARC","DKIM"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://autospf.com/blog/uks-central-digital-data-office-solved-problem-with-sender-policy-framework/"},"articleSection":"foundational","keywords":"email security, SPF, SPF Permerror, SPF record","wordCount":551,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/autospf/images/2024/03/multiple-spf-records.jpg","caption":"AutoSPF blog post image","width":900,"height":591},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://autospf.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://autospf.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://autospf.com/foundational/"},{"@type":"ListItem","position":4,"name":"The UK’s Central Digital and Data Office Solved a Unique Problem with Sender Policy Framework","item":"https://autospf.com/blog/uks-central-digital-data-office-solved-problem-with-sender-policy-framework/"}]} ```