Medical Marcom

You need an SPF record right now

6 min reading time

This post has nothing to do with sunscreen.

Matt Barnett taught me something new this week. Again.

So I’m handing over the Journey reigns to him today.

And not a moment too soon. I’m exhausted from my first day of MDTX, the Medical Device Technology Exchange, I’m co-producing with Informa (they do Arab Health and $750-million worth of other exhibitions and conferences per year).

This was a significantly larger effort than hosting the 10x Medical Device Conference.

Before I turn it over to Matt, my MDTX insight today, even if it is somewhat obvious.

Little things can greatly shift customer perceptions of you.

I asked a few exhibitors if they wanted coffee.

They said, “Sure, where’s the coffee?”

I said, “I’ll bring it to you. What do you like in it?”

Their eyes widened. “Oh, you don’t have to do that.”

When I insisted, they said, “Wow! That’s really nice of you!”

The same when I made the rounds with large-sized candy bars. And again when I hand-delivered ice-cold beer at their booths, 30 minutes ahead of our planned happy hour.

And today was just set up. Tomorrow is when the foot traffic hits. Will each exhibitor get new customers?

I don’t know.

But I do know how they felt when I gave them a little extra. And showed I personally cared.

For you: What’s one little wow you could give one customer today? Then go do it. Before you blow it off because you’re “too busy.”

Too busy to delight your customer?

If yes, then you might want to revisit your priorities.

You need an SPF record right now

Hi, everyone. It’s Matt.

Before I started working with Joe, I worked with an outsourced IT outfit. Customers would have us handle everything from “I can’t get my printer to work” to “set up an entire private corporate network.”

A big part of my job was protecting peoples inboxes, and I found that very few organizations took even basic steps towards protecting their communications.

I’m writing today to tell you about something that you can do to help keep your emails from being caught in your recipients Junk folder or Spam filter. The added benefit is that it stops others from spoofing emails to make them appear as if they are from your organization!

First, what are DNS and SPF records?

DNS, or “Domain Name System,” captures for every Internet site digital information (including your site’s actual Internet location, also known as your IP address)

A DNS record is data that tells the web server how to respond to your input; namely, where to go next. Think of it as a directory of places on the internet you might want to send people to; which server your website can be found, which server to send your emails to, and more.

Now, an SPF (Sender Protection Framework) record is a special kind of DNS record.

An SPF record is your way of saying “email from my organization will come from (these) locations.” It also contains instructions on how to handle mail sent from locations not included in the record. It’s like saying, “John is the only person who will deliver things for us, send anyone else away.”

An Example

More than you need to know, but when you send an email,

  1. Your email is given to your email server to go out
  2. Your email server looks at the domain of the recipients’ email address and queries the domain’s DNS for the address of its Mail Exchanger, or MX Record
  3. Your email server sends the email to the server listed in the MX Record
  4. The recipient server receives the email and checks the senders (your) domain and then queries that domain’s DNS for the SPF record, if any
  5. The recipient server compares the SPF record to the originating server of the sent email
  6. The recipient server then delivers or rejects the email depending on the result

Okay, but why bother?

Just like sending a physical letter, there is nothing stopping me from claiming to be someone else and using their information in the return address. Emails can be created and sent into the internet by any connected computer, but emails include the IP address from which the email was originally sent. An SPF record authenticates a list of places where your emails SHOULD come from.

One common scheme I’ve had to mitigate is fraudulent wire transfer requests. In this scheme, an email is sent out spoofing the name and email address of a known contact and a request is made for a wire transfer. The spoofed contact generally did nothing wrong, they were not hacked or phished for information. Some clever person has likely used some other means to gather information about their target and sent an email modified to look like it came from who they claim to be. These attacks are among the hardest for the average user to spot. A proper SPF record prevents these types of spoofed emails from ever being delivered to the recipients’ inbox.

Let’s get started

Find out if you currently have an SPF record and start building an updated one using this free tool. Make sure to keep your records updated each time you add, remove, or migrate to a new mail source. Out-of-date records will cause legitimate mail to be directed to the spam folder or held by an email filter never reaching the final destination.

Who controls your DNS? Did you know anyone with access to your domain’s DNS can re-direct your inbound email and take control of your web traffic? Someone you know and trust should manage your DNS if you don’t control it yourself. Your domain’s DNS controls all aspects of your organization’s online presence and only those with a thorough understanding of your business should be making changes, a CTO/CIO or other knowledgeable person. Don’t let your email and website be compromised by web designers with limited knowledge of your systems.

Know and list your legitimate mail sources:
• Your inbound email server sends messages; G Suite, Office 365, or mail enabled Webhost (Godaddy, Bluehost, others)
• Does your website send email on your behalf directly from the webserver? User sign-ups, password resets, email alerts? WordPress notifications ending up in Junk mail is a very common issue.
• Do you or your website use 3’rd party mail providers? Drip Email Marketing, MailChimp, SendGrid, A. Webber all have special SPF record examples available to help build your custom SPF record.
• Don’t forget your CRM. Salesforce and Accelo send mail optionally as well and you’ll want to make sure your prospects and customers get your communications.

Choose what happens to unlisted mail sources:
Neutral: No affect, mail (generally) still delivered as if no records exist. Your legitimate mail still benefit from increased trust and spoofed mail becomes easier to spot.
Soft-fail: Most mail will still be delivered, but marked as suspicious, generally landing in the Junk mail or caught in the Spam filter waiting for release.
Hard-fail: Most mail providers will bounce mail from unlisted or incorrect sources as undeliverable. Use with caution.

I recommend building and starting your rule starting with Neutral and working your way up to Soft or Hard fail depending on your needs and the results of testing. With proper rules in place your direct emails and email marketing efforts will receive the benefits of added trust and acceptance, while simultaneously adding extra security to your domain ensuring others cannot spoof mail as if it came from you.

Know more about DNS by reading this article and watching the accompanying video. Help fight spam and spoofing and add your SPF record today. If managing the DNS is beyond you, or you need help in any way, feel free to reach out and ask for help.

Instead of a Fast Round

Our favorite Nicaraguan visited New York for the first time last week, ahead of her job to record the MDTX event.

So naturally your Brooklyn-born correspondent had to show her the town.

Lucia is the first New York tourist who ever asked me to spend a whole day showing her Brooklyn. This, before she stepped foot on Manhattan cement.

It’s late, so the highlights in rapid succession:

  • We drove to Bay Ridge and got macaroni and potato salad from Mike’s Delicatessen, spinach pies from the Mid-East Bakery on 3rd Avenue, and then for the piece de resistance, we went to my boyhood pizzeria where Tony let himself be photographed while he tossed dough in the air for her.
  • We visited my Aunt Marie. She’s 99.
  • I took her to DUMBO (Down Under the Manhattan and Brooklyn Overpass) where she snapped some gorgeous photos of the New York Skyline.
  • She made me take her to IKEA to get her mother some ????????????. (I slept in the car.)
  • We went for a walk in rainy Park Slope to see the brownstone buildings.
  • My friend comped us fifth-row center Broadway tickets.

In NYC: Upper East Side brunch, Battery Park, the bull, Wall Street, the World Trade Center, Chinatown, Little Italy, falafels in Washington Square Park, walking around SoHo.

It was fun seeing my city through her eyes.

Thank you for joining me on The Journey.

See you next week – or sooner – if you choose to reply to this email,

P.S. My next project? Deliver Michelle’s new website by April 25. Tick, tock goes the clock.

Was that a worthwhile read?

Then sign up for more insights!

By signing up you are agreeing to our Privacy Policy.

Paul Barker said… what?!

Paul Barker

Cardiac Science

I enjoy working with Joe on projects both big and small. He is an excellent manager, communicator, and colleague. And don't forget - listener!
more >>

email me