Email Security Test Domain

📧 Why did I receive an email from this domain?

This domain is part of the Net Reaction Small Business Security email configuration testing service.

Someone at your organization requested an Email Security Test, which sends a series of test emails to verify that your email provider is properly filtering malicious messages.

⚠️ This is NOT spam or phishing

This test was explicitly requested by a user at your organization. The emails are safe and are designed to test your email security configuration.

🔍 What does this test check?

Test #1: SPF Verification

This test checks whether your email provider validates SPF (Sender Policy Framework) records.

SPF is a basic email authentication method that tells receiving servers which IP addresses are allowed to send email for a domain. When you received this email, it was sent from a server that is NOT authorized in our domain's SPF record.

If you received this email in your inbox:

Your email provider is NOT checking SPF records. This means attackers could easily spoof emails from any domain and reach your users.

🛠️ How to fix this

If this email reached your inbox (not spam/junk folder), your email security needs attention:

  1. Identify your email provider Determine if you use Microsoft 365, Google Workspace, on-premises Exchange, or another provider.
  2. For Microsoft 365 SPF checking is enabled by default. If this test failed, contact Microsoft support to verify your anti-spam settings are configured correctly.
  3. For Google Workspace SPF checking is enabled by default. Review your spam filter settings in Admin Console → Apps → Google Workspace → Gmail → Spam, Phishing and Malware.
  4. For on-premises Exchange Enable SPF checking in your spam filter, email gateway, or anti-spam solution. This may require configuration in your mail flow rules.
  5. For other providers Contact your IT provider or email administrator to enable SPF verification. If your current solution cannot enforce SPF checking, consider migrating to a modern email platform.

📚 What is SPF?

SPF (Sender Policy Framework) is an email authentication standard that helps prevent email spoofing. It works by:

  1. Domain owner publishes SPF record A DNS TXT record lists which IP addresses/servers are allowed to send email for that domain.
  2. Receiving server checks SPF When an email arrives, the receiving server looks up the sender's domain SPF record.
  3. IP address is verified The server checks if the sending IP is listed as authorized in the SPF record.
  4. Action is taken If the IP isn't authorized, the email should be rejected, quarantined, or marked as suspicious.

An SPF record looks like this:

v=spf1 include:_spf.google.com include:spf.protection.outlook.com -all

This record says: "Only Google and Microsoft servers are allowed to send email for this domain. Reject all others (-all)."

This test is provided by Net Reaction Security

Questions? Contact security@netreaction.com