Best practices

Route53 Hosted Zone is not using SPF

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Route 53 hosted zone {AwsRoute53HostedZone} is not using Sender Policy Framework (SPF). SPF is used to tell email providers which servers are allowed to send email from their domains. Without SPF the domain can be used for email spoofing.

  • Recommended Mitigation

    It is recommended to enable SPF in Route 53 hosted zones by publishing a TXT record that contains a list of authorized servers. For more information: <a href="https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-authentication-spf.html." target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-authentication-spf.html.</a>

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.