Emails have a ‘From’ address which tells the recipient who sent the email. However, email is unauthenticated, and this address can be set to anything. There is nothing built into the email protocol that prevents email senders from deliberately using false ‘From’ addresses.
The ‘From’ address is one of the ways spammers can try to make their emails look genuine. They might pretend to be sent from a bank or a well known company. This is called email spoofing. One of the best tools we have to guard against this is called the Sender Policy Framework or SPF.
Using SPF to identify emails with spoofed sender addresses relies on the fact that email is sent from a server with an IP address and that address cannot be spoofed. SPF records are essentially a public record that identifies which mail servers are permitted to send email on behalf of a particular domain.
SPF records are a type of DNS record - Domain Name System. DNS records are an important part of how the internet works. They basically connect things like your website address and your email addresses to the actual servers that perform those functions.
If you send email from TalkBox and your sender includes your own domain (e.g. email@example.com) and you have not setup a SPF record then you are essentially asking the TalkBox server to do email spoofing. TalkBox will be sending email from firstname.lastname@example.org but will have no more right to than any other mail server on the web.
We recommend, if you do want to use TalkBox to send email from your domain, that you set up the SPF record below. Only the administrators of the domain can do this, this is likely to be the person who looks after your website.