The standards for SMTP, the protocol used for sending emails, have no integrated or mandatory mechanism for validating the authenticity of a sender. As such it is technically simple to spoof the sender address in an email. It requires no technical knowledge, simply adjusting the sender/from address in your email client will give the ability to spoof any email address.
In an attempt to combat spoofing add-on technical approaches have been developed. The widely adopted Sender Policy Framework (SPF) approach uses a DNS record to publish a list of IP addresses that are authorised to send email on behalf of a domain. Receiving mail servers can optionally compare the IP address of the server sending the email with the SPF record and based upon the outcome make a decision of whether the email is genuine.
As part of the mailFeed service we check for the presence of a SPF record and use it as part of decision making process on whether to accept, quarantine or block the email. If your domain does not publish a SPF record we cannot perform this validation check and therefore the ability to detect spoofed email is diminished. Enabling SPF does have implications as it requires a thorough understanding of the IP addresses used to send email from your domain. Failures to maintain this can result in you instructing mail servers to block your email.
We do recommend that SPF is enabled for all domains that use the mailFeed service to enable spoofing detection.
Further information relating to SPF can be found in the following article:
https://portal.yorkukhosting.com/knowledgebase/80/INFO-SPF-records.html