How to Add KnowBe4's Mail Servers to Your SPF Record
Sender Policy Framework (SPF) is a method of validation which was created to detect email spoofing. It is a process which verifies whether a particular sender is permitted to send emails on your behalf. Adding KnowBe4 to your SPF records will allow us to send emails on your behalf and will reduce the likelihood that those emails will be marked as spam or phishing.
If you're sending an email from KnowBe4 and your domain is CyberSecurity.com, you can create an SPF record that authorizes KnowBe4's mail servers as allowed mail servers for the CyberSecurity.com domain.
Adding the below information to your SPF record will allow all of KnowBe4's mail servers to send email on your behalf:
- ip4:192.254.121.248
- include:_phishspf.knowbe4.com
Example of SPF records with a soft fail (with GSuite as the mail server):
v=spf1 include:_spf.google.com ip4:192.254.121.248 include:_phishspf.knowbe4.com ~all
What if I am at my 10 DNS lookup limit on my SPF records?
For accounts located on the U.S. KnowBe4 Server (https://training.knowbe4.com)
Add these three IP addresses to your SPF records:
- ip4:192.254.121.248
- ip4:23.21.109.197
- ip4:23.21.109.212
For accounts located on the E.U. KnowBe4 Server (https://eu.knowbe4.com)
Add these three IP addresses to your SPF records:
- ip4:192.254.121.248
- ip4:52.49.201.246
- ip4:52.49.235.189
Example of SPF records with a soft fail on the U.S. KnowBe4 server (with GSuite as the mail server):
v=spf1 include:_spf.google.com ip4:192.254.121.248 ip4:23.21.109.197 ip4:23.21.109.212 ~all
After you update your SPF records, we recommend sending a test phishing email to yourself (which spoofs your domain) after you update these records.
Comments
0 comments
Article is closed for comments.