Description
- Type: CUSTOMER
- Severity: WARNING
- Protection against: SOCIAL ENGINEERING
- CIS: M365 4.12 - (L1) Ensure that SPF records are published for all Exchange Domains
This Customer Check verifies whether SPF Records are correctly published for all domains associated with Exchange Online.
Why this check?
SPF is an important feature for demonstrating the authenticity of your email messages. Conversely, it serves to block emails that are wrongly sent in your name, for example by phishers and spammers. This indirectly protects the reputation of your organization: without this protection, an attacker could more easily try to deceive someone in your name.
SPF stands for "Sender Policy Framework". This feature allows you to define in your DNS records which email servers are authorized to send emails on behalf of your domain. SPF works through DNS records and is recommended along with DMARC (CHK-1030) and DKIM (CHK-1029) to optimize the reliability of email traffic.
CIS Benchmarks
This measure aligns with the following item from the Center for Internet Security (CIS) Microsoft 365 Foundations Benchmark:
- CIS M365 4.12 - (L1) Ensure that SPF records are published for all Exchange Domains
What possible outcomes does the check have?
This check has two possible outcomes. In Attic, this is reflected as follows:
- Okay: SPF is correctly configured for all email domains
- Warning: For one or more domains associated with your Exchange Online, SPF is not correctly configured.
How should this be followed up?
If the output is Warning, we advise setting up SPF for all domains where it is missing or incomplete. More information on implementing SPF records can be found here:
Set up SPF to help prevent spoofing - Office 365 | Microsoft Docs
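As an added illustration (not code from the article or from the Attic product) of what "correctly configured" can mean for this check, the following script evaluates a domain's TXT records against the criteria Microsoft's SPF guidance describes: exactly one v=spf1 record, an include for spf.protection.outlook.com, and an explicit -all or ~all at the end. The domain names and TXT record sets are constructed in-memory samples, and the exact criteria are this example's assumptions, not necessarily those of the Attic check.

```python
# Added example: evaluate SPF TXT records for Exchange Online domains.
# DNS lookups are replaced by a constructed in-memory table so it runs offline.

# Constructed sample TXT record sets keyed by hypothetical domain names.
SAMPLE_TXT_RECORDS = {
    "good.example": ["v=spf1 include:spf.protection.outlook.com -all",
                     "some-verification=abc123"],
    "missing.example": ["google-site-verification=xyz"],
    "softfail.example": ["v=spf1 include:spf.protection.outlook.com ~all"],
    "duplicate.example": ["v=spf1 include:spf.protection.outlook.com -all",
                          "v=spf1 mx -all"],
    "nolimit.example": ["v=spf1 include:spf.protection.outlook.com"],
}

# Mechanism that authorises Exchange Online to send for the domain
# (assumed criterion, taken from Microsoft's SPF setup guidance).
EXO_INCLUDE = "include:spf.protection.outlook.com"


def evaluate_spf(txt_records):
    """Return ("Okay" | "Warning", reason) for one domain's TXT record set."""
    spf = [r.strip() for r in txt_records
           if r.strip().lower().startswith("v=spf1")]
    if not spf:
        return "Warning", "no SPF record published"
    if len(spf) > 1:
        # RFC 7208: more than one v=spf1 record makes the result permerror
        return "Warning", "multiple SPF records published"
    terms = spf[0].split()[1:]
    if EXO_INCLUDE not in (t.lower() for t in terms):
        return "Warning", "Exchange Online is not authorised to send"
    # The record should close with an explicit 'all' that rejects or softfails
    # everything not listed; without it, unlisted senders are neutral.
    last = terms[-1].lower() if terms else ""
    if last not in ("-all", "~all"):
        return "Warning", "record does not end with -all or ~all"
    return "Okay", "SPF correctly configured"


def check_domains(txt_by_domain):
    """Run the check over all domains; overall Warning if any domain fails."""
    results = {d: evaluate_spf(r) for d, r in txt_by_domain.items()}
    failed = any(status == "Warning" for status, _ in results.values())
    return ("Warning" if failed else "Okay"), results


if __name__ == "__main__":
    overall, per_domain = check_domains(SAMPLE_TXT_RECORDS)
    for domain, (status, reason) in per_domain.items():
        print(f"{domain:20} {status:8} {reason}")
    print("Overall:", overall)
```

In a real environment the TXT record sets would come from DNS for each accepted domain in Exchange Online rather than from the table above.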