SPF record published (anti-spoofing)

The domain should publish an SPF (Sender Policy Framework) TXT record so receiving mail servers can reject forged mail claiming to be from this department. Without one, attackers can send phishing mail that impersonates the site.

Security | RFC 7208 (Sender Policy Framework) | Advanced Security Audit

In short

No SPF record found — mail claiming to be from this domain can be spoofed. This check is fully automated — the scanner returns a definitive pass or fail.

How to fix it

Publish a TXT record beginning with "v=spf1" that lists the authorized mail servers and ends with "-all" (hard fail) or "~all" (soft fail). The check runs against the domain after stripping any leading "www.".
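
The rule above, as an added example that is not the scanner's own code: it evaluates a domain's TXT answers offline, with function names and sample records constructed for illustration. It goes beyond the stated rule by also failing multiple SPF records, which RFC 7208 treats as a permanent error, and by reporting a terminal "+all" separately.

```python
# Added example: offline evaluation of TXT answers against the SPF check.
# Assumption: each TXT answer is passed in as one already-joined string.

def normalize_domain(host):
    """Lower-case the host and strip one leading "www.", as the check does."""
    host = host.strip().rstrip(".").lower()
    return host[4:] if host.startswith("www.") else host


def spf_records(txt_records):
    """Keep only the TXT strings that are SPF records (RFC 7208 section 4.5)."""
    found = []
    for txt in txt_records:
        value = txt.strip().strip('"')
        lowered = value.lower()
        # The version tag is exactly "v=spf1", alone or followed by a space,
        # so "v=spf10 ..." is not an SPF record.
        if lowered == "v=spf1" or lowered.startswith("v=spf1 "):
            found.append(value)
    return found


def evaluate_spf(txt_records):
    """Return (status, reason) for the TXT answers of one domain."""
    records = spf_records(txt_records)
    if not records:
        return "fail", "no SPF record published"
    if len(records) > 1:
        # Receivers stop with a permanent error when several records exist.
        return "fail", "multiple SPF records published"
    terms = records[0].split()[1:]
    last = terms[-1].lower() if terms else ""
    if last == "-all":
        return "pass", "hard fail for unlisted senders"
    if last == "~all":
        return "pass", "soft fail for unlisted senders"
    if last in ("+all", "all"):
        return "fail", "terminal all authorizes every sender"
    return "fail", "record does not end with -all or ~all"


if __name__ == "__main__":
    # Constructed TXT answers for a placeholder domain.
    answers = ['"v=spf1 include:_spf.example.net -all"', "site-verification=abc"]
    print(normalize_domain("www.example.gov"), evaluate_spf(answers))
```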

Standards this maps to

Frameworks that require this

Advanced Security Audit

Severity

warning — an important issue to address.
