The Importance of SPF Records

SPF stands for “Sender Policy Framework” and basically it's a way to ensure that emails aren't forged (spoofed) by listing where your emails are allowed to come from. The problem it addresses is that anyone with their own mail server can send an email that looks like it came from any email address.

So, how does your mail server make sure that an email from your bank is legit? It checks the IP address of the sending mail server against what is listed in the sending domain's “SPF record”, which is a type of DNS record. If it doesn't match, the email can be rejected outright, not even delivered as junk/spam.

Usually, your email provider will give directions to set up the SPF record as part of the DNS setup for your email. Some IT people overlook this step, not realizing its importance, so it's always a good idea to validate that your SPF record is working by using this SPF Record Testing Tool (just the first test is usually enough to verify).
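To make the “check the sending IP against the SPF record” step concrete, here is an added example (not from the original post) of a minimal SPF evaluator. It uses a constructed in-memory table of TXT records in place of real DNS lookups so it runs offline; the domain names and addresses in that table are made up, and only the `ip4`, `ip6`, `include` and `all` mechanisms are modelled.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups so the example runs offline.
# All domains and addresses below are made up (documentation ranges).
FAKE_DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "softfail.example": "v=spf1 ip4:192.0.2.5 ~all",
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain, resolver=FAKE_DNS_TXT):
    """Return the domain's SPF TXT record, or None if it has none."""
    record = resolver.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return None
    return record


def check_spf(sender_ip, domain, resolver=FAKE_DNS_TXT, depth=0):
    """Evaluate an SPF record for sender_ip.

    Returns 'pass', 'fail', 'softfail', 'neutral', 'none' or 'permerror',
    mirroring the result names used by RFC 7208.
    """
    if depth > 10:  # RFC 7208 limits the number of DNS-querying terms
        return "permerror"
    record = lookup_spf(domain, resolver)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        matched = False
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                # An IPv4 address is never inside an IPv6 network and vice versa
                matched = ip in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
        elif name == "include":
            # include: only matches when the referenced record itself passes
            matched = check_spf(sender_ip, arg, resolver, depth + 1) == "pass"
        else:
            continue  # a, mx, exists, redirect= and others are not modelled here
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"  # no mechanism matched and no trailing "all"


def disposition(result):
    """What a receiving server typically does with each SPF result."""
    return {"pass": "accept", "fail": "reject", "softfail": "accept-and-mark"}.get(result, "accept")


if __name__ == "__main__":
    for ip, domain in [("203.0.113.7", "example.com"), ("198.51.100.99", "example.com")]:
        r = check_spf(ip, domain)
        print(f"{ip} for {domain}: {r} -> {disposition(r)}")
```

The difference between `-all` and `~all` at the end of the record is what decides whether a non-matching sender is rejected outright or merely accepted and flagged, which is why the testing tool mentioned above is worth running after you publish the record.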

DKIM Records

DKIM records are of secondary importance to SPF records and serve the same purpose, which is to ensure that emails aren't forged. The difference is that with DKIM a digital signature is added to each email in a hidden part of the message called the “headers”. The receiving email server can verify this signature against the public key published in your DNS records.
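The first thing a receiving server checks in a DKIM signature is that the `bh=` tag (the hash of the message body) still matches the body it received; only then does it verify the `b=` signature against the key in DNS. The following is an added example, not code from the original post, showing that body-hash check with the “simple” body canonicalization from RFC 6376. The sample message body and the `DKIM-Signature` header are constructed here; the RSA signature step and the DNS lookup are intentionally left out.

```python
import base64
import hashlib
import re

# Constructed sample body; the header below is built from it the way a signer would.
SAMPLE_BODY = b"Hello,\r\nPlease see attached.\r\n\r\n"


def simple_canonicalize_body(body: bytes) -> bytes:
    """'simple' body canonicalization (RFC 6376 section 3.4.3):
    normalize line endings to CRLF, drop trailing empty lines,
    and end the body with exactly one CRLF (an empty body becomes CRLF)."""
    body = body.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    if not body.endswith(b"\r\n"):
        body += b"\r\n"
    return body


def body_hash(body: bytes) -> str:
    """base64(SHA-256(canonicalized body)), i.e. the value of the bh= tag."""
    digest = hashlib.sha256(simple_canonicalize_body(body)).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_dkim_signature(header_value: str) -> dict:
    """Split a DKIM-Signature value into its tag=value pairs.
    Folding whitespace inside values (common in bh= and b=) is removed."""
    tags = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip()] = re.sub(r"\s+", "", value)
    return tags


def body_hash_matches(dkim_header: str, body: bytes) -> bool:
    """True when the bh= tag matches the received body under 'simple' canonicalization."""
    tags = parse_dkim_signature(dkim_header)
    if tags.get("a") != "rsa-sha256":
        return False  # only the rsa-sha256 case is modelled in this example
    canon = tags.get("c", "simple/simple").split("/")
    body_canon = canon[1] if len(canon) > 1 else "simple"  # c=relaxed alone means body is simple
    if body_canon != "simple":
        return False  # relaxed body canonicalization is not modelled here
    return tags.get("bh") == body_hash(body)


def make_demo_header(body: bytes) -> str:
    """Build a constructed DKIM-Signature header for body (no real b= signature)."""
    return ("v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=selector1; "
            f"h=from:to:subject; bh={body_hash(body)}; b=")


if __name__ == "__main__":
    header = make_demo_header(SAMPLE_BODY)
    print("original body matches:", body_hash_matches(header, SAMPLE_BODY))
    print("tampered body matches:", body_hash_matches(header, SAMPLE_BODY.replace(b"attached", b"attacked")))
```

A body-hash mismatch is enough to fail the signature on its own, which is how DKIM catches a message that was altered in transit even before the cryptographic signature is examined.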


For example, we use Zoho for our email, so our SPF and DKIM records look like the screenshot below.

Security Basics

The biggest security risk you have is your password. If you use the same password all over the internet, then it takes only one site getting hacked to compromise all the places where you used that same password.

The only practical way to deal with a myriad of passwords is a password manager. We've been using Lastpass.com for several years and couldn't imagine life without it. It syncs across all your devices, lets us generate a unique, strong password for each site, and lets us share passwords securely, even granting low-privileged access without divulging the actual password.

Most people are wary of using a password manager because they believe it's an easy target for hackers, who could gain access to all your accounts at once. This is why LastPass uses your “master password” to encrypt your password database, so even if the LastPass website were hacked it wouldn't matter unless the hacker could guess your “master password”. They also require you to confirm via an email link when you sign in from a new device, so you should make your email password easy enough to remember.

Since your “master password” is the “encryption key”, it's very important to come up with a really strong password that you've never used anywhere before, like “323yHHa.nm”. When creating it, keep in mind that you will end up typing it a lot, so make it easy to type, but not a regular word.
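To show why the master password can act as the encryption key without the service ever holding that key, here is an added example (not from the original post, and not LastPass's actual scheme) of the general pattern password managers use: the master password is stretched with PBKDF2 into a vault key on the client, and only a further one-way hash of that key is sent to the server for login. The salt choice, iteration count and field names here are assumptions for illustration.

```python
import hashlib
import hmac

# Assumption for this example: the account email serves as the PBKDF2 salt and
# the iteration count is a constructed value; real products tune both differently.
DEFAULT_ITERATIONS = 100_000


def derive_vault_key(master_password: str, email: str, iterations: int = DEFAULT_ITERATIONS) -> bytes:
    """Stretch the master password into a 256-bit vault key with PBKDF2-HMAC-SHA256.
    This runs on the client; the key never leaves the device."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), email.lower().encode("utf-8"), iterations, dklen=32
    )


def login_hash(vault_key: bytes, master_password: str) -> bytes:
    """Derive the value the server stores for authentication: one extra
    PBKDF2 round over the vault key, so the server learns neither the
    master password nor the vault key itself."""
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode("utf-8"), 1, dklen=32)


def enroll(master_password: str, email: str, iterations: int = DEFAULT_ITERATIONS) -> bytes:
    """What gets sent to the server at sign-up: only the login hash."""
    return login_hash(derive_vault_key(master_password, email, iterations), master_password)


def verify_login(stored_hash: bytes, candidate: str, email: str, iterations: int = DEFAULT_ITERATIONS) -> bool:
    """Server-side check, using a constant-time comparison."""
    candidate_hash = login_hash(derive_vault_key(candidate, email, iterations), candidate)
    return hmac.compare_digest(stored_hash, candidate_hash)


if __name__ == "__main__":
    email = "user@example.com"  # constructed
    stored = enroll("323yHHa.nm", email)
    print("server stores:", stored.hex())
    print("correct password accepted:", verify_login(stored, "323yHHa.nm", email))
    print("one-character change accepted:", verify_login(stored, "323yHHa.nn", email))
```

Because every guess at the master password costs a full PBKDF2 run, a stolen copy of the stored hashes (or of the encrypted vault) is only as useful to an attacker as the master password is weak, which is the point the paragraph above makes about choosing one you have never used elsewhere.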

LastPass works best as a browser extension and supports all major browsers. We love how it autofills the login information for you and offers to save your credentials when it detects a sign-up form.

We've used the free version of LastPass and it works great, but we've been using the paid version in order to share passwords securely.