---
title: "SPF: Your Defense Against Typosquatting Cyberattacks | AutoSPF"
description: "Typosquatting is a cybercrime technique of making slight spelling alterations in the email address of a company’s employee or CXO to send fraudulent emails"
image: "https://autospf.com/images/og-default.png"
canonical: "https://autospf.com/generative-ai-and-phishing-threats/spf-record-example/"
---

# SPF: Your Defense Against Typosquatting Cyberattacks

_Typosquatting is a cybercrime technique of making slight spelling alterations in the email address of a company’s employee or CXO to send fraudulent emails in their name._ Generally, these **minor spelling deviations** go unnoticed by the recipients, and they end up getting tricked into sharing sensitive information or downloading malicious files. 

Since the [typosquatted email address](https://indianexpress.com/article/cities/pune/change-of-a-letter-in-email-address-costs-pune-firm-24k-euros-in-cyber-fraud-8845016/) isn’t part of the official SPF record, the email fails the SPF authentication check at the receiver’s end. This way, the fraudulent message either lands in the **spam folder or bounces back**, based on what type of fail you’ve set.

![Sender Policy Framework 2](https://media.mailhop.org/autospf/images/2023/11/sender-policy-framework-2.jpg) 

## Even Barbara Corcoran Was Hit by Typosquatting

In February 2020, Barbara Corcoran, renowned host of Shark Tank, fell victim to a [$380,000](https://www.forbes.com/sites/rachelsandler/2020/02/27/shark-tank-host-barbara-corcoran-loses-380000-in-email-scam/?sh=5c2d988c511a) typosquatting-based phishing scam. A malicious actor created an email address that closely resembled her assistant’s, with just one letter misspelled. The email contained a fake invoice for $388,700.11 from a legitimate German company, seemingly related to real estate renovations, a field Corcoran invests in. Her bookkeeper, trusting the email’s appearance, wired the money. 

![Spf Record Example 1](https://media.mailhop.org/autospf/images/2023/11/spf-record-example-1.jpg) 

[Image sourced](https://cybersecurityasean.com/learning-guides/typosquatting-explained) from cybersecurityasean.com

The case came to light when the assistant was accidentally included in a reply to the email. While Barbara Corcoran didn’t provide a formal statement, she cautioned against hasty [wire transfers](https://en.wikipedia.org/wiki/Wire%5Ftransfer) via a tweet.

This incident underscores the need for email authentication using SPF, DKIM, and DMARC. _Had there been an SPF TXT record (text record) corresponding to their official email-sending domain, the fake email **wouldn’t have passed** the SPF authentication check at the bookkeeper’s end._ 

## SPF Record Example

Here’s an [SPF record example](/generative-ai-and-phishing-threats/) string and an explanation of its elements:

```
v=spf1 a mx ip6:2001:db8:3333:4444:5555:6666:7777:8888 include:_spf.xyz.com -all
```

- v=spf1 is what every valid [SPF record](/generative-ai-and-phishing-threats/spf-record-generator/) starts with. The v tag represents the **SPF version number**, and so far there has been only one version.
- The ‘a’ mechanism allows the [ip6 address](https://www.techtarget.com/iotagenda/definition/IPv6-address) to be a legitimate sender. So, emails sent from this IP address will pass the authentication check.
- The **‘mx’ mechanism** tells which recipients are permitted to receive messages for the domain. This tag ensures mail servers managing incoming messages for the domain are also able to dispatch messages.
- 2001:db8:3333:4444:5555:6666:7777:8888 is the IPv6 address allowed to send emails from the domain.
- ‘include:\_spf.xyz.com’ indicates that the domain owner has allowed a third-party service provider (having the xyz.com domain) to send emails on behalf of the organization.
- The **‘-all’ tag** instructs receivers’ mailboxes to reject emails from illegitimate senders.

![SPF Record Checker 1](https://media.mailhop.org/autospf/images/2023/11/SPF-record-checker-1.jpg)

## SPF Records Best Practices

_It’s suggested to create DNS TXT records **for all your domains**, including the ones you don’t use for sending emails._ Threat actors are constantly searching for [unprotected domains](https://www.entorno.domains/unprotected-domains) to exploit to their advantage. Start by listing all the IP addresses (IPv4 and IPv6) that you trust and allow to dispatch email messages on behalf of your company, then apply the **right set** of [SPF record syntax](/generative-ai-and-phishing-threats/spf-record-syntax/): mechanisms, modifiers, and qualifiers.

If your SPF DNS records have exceeded the **lookup limit**, then reach out to [AutoSPF](/), where we condense them, which eliminates the need for DNS lookups. 

Moreover, it’s vital to run them through credible online SPF record [lookup tools](https://dnschecker.org/spf-record-validation.php) that highlight existing configuration and syntax errors so that you can fix them before mishaps occur. The deployment of SPF, DKIM, and DMARC also improves **email deliverability** for your email servers.
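The kind of check such a tool performs on the record from the SPF Record Example section can be sketched offline. This is an added example, not AutoSPF's code or code from this article: it splits a record into qualifier, mechanism and value, counts the top-level terms that cost a DNS lookup against the limit of 10 set by RFC 7208, and flags a final policy weaker than `-all`. The function names and warning texts are assumptions, and no DNS queries are made.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
KNOWN_TERMS = {"all", "a", "mx", "ip4", "ip6", "include", "exists", "ptr",
               "redirect", "exp"}
# Terms that trigger a DNS query when evaluated; RFC 7208 allows 10 in total.
LOOKUP_TERMS = {"a", "mx", "include", "exists", "ptr", "redirect"}

def parse_spf(record):
    """Return the record's terms as (result, name, value) tuples."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("record must start with v=spf1")
    terms = []
    for raw in parts[1:]:
        # A term without a qualifier defaults to '+' (pass).
        qual, raw = (raw[0], raw[1:]) if raw[0] in QUALIFIERS else ("+", raw)
        # Modifiers are name=value; mechanisms are name[:value][/cidr].
        sep = "=" if "=" in raw.split(":")[0] else ":"
        name, _, value = raw.partition(sep)
        terms.append((QUALIFIERS[qual], name.split("/")[0].lower(), value))
    return terms

def lint_spf(record):
    """Offline checks only: syntax, top-level lookup count, final policy."""
    terms = parse_spf(record)
    warnings = []
    # Lower bound: terms inside included records count toward the limit too.
    lookups = sum(1 for _, name, _ in terms if name in LOOKUP_TERMS)
    if lookups > 10:
        warnings.append(f"{lookups} DNS-lookup terms exceed the limit of 10")
    for _, name, value in terms:
        if name in ("ip4", "ip6"):
            try:
                version = ipaddress.ip_network(value, strict=False).version
            except ValueError:
                version = None
            if version != int(name[2]):
                warnings.append(f"{name}: {value!r} is not an IPv{name[2]} network")
        elif name not in KNOWN_TERMS:
            warnings.append(f"unknown term {name!r}")
    alls = [result for result, name, _ in terms if name == "all"]
    if not alls and not any(n == "redirect" for _, n, _ in terms):
        warnings.append("no 'all' term: unlisted senders get neutral")
    elif alls and alls[0] != "fail":
        warnings.append(f"'all' gives {alls[0]}, not fail")
    return {"lookups": lookups, "warnings": warnings}

# The record shown in the SPF Record Example section of this article.
PAGE_RECORD = ("v=spf1 a mx ip6:2001:db8:3333:4444:5555:6666:7777:8888 "
               "include:_spf.xyz.com -all")
```

For a domain that sends no mail, the record `v=spf1 -all` passes these checks with zero lookups.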

## How Do You Fix Your SPF Record, Free?

Give us a test drive for **30 days at no cost**. Fix your broken SPF in less than 60 seconds!

> [Fix My SPF Record!](/pricing/)

