Support

Sender Policy Framework (SPF) is an email standard to stop a scammer forging the From address of an email to fool you into believing that the email has come from, say, your bank when it hasn’t. It does this by listing all the servers that can send genuine emails from your domain so that if an email is coming from a server that’s not on this list then it can be rejected as a forgery. This list of authorised servers is published as a DNS record so anyone can read it but only the owner of the domain has the ability to change it.
A great idea, but if any email system did reject all emails that fail an SPF check it would also be rejecting many genuine emails because:-

• Many domains have ignored this standard and failed to create an SPF record.
• Email systems often fail to update their SPF record when a new server is added.
• People setup forwarding of incoming emails to a mailbox on another system and so the forwarded email comes from an unauthorised server.

So why bother?

• The more systems that create SPF records the stronger the standard will become.
• It’s now rare for any well-known company not to have an SPF record, so you don’t want to look unprofessional.
• It doesn’t cost anything – you will already have a DNS server for your domain to operate email and websites and an SPF record is just another DNS record.
• Anti-spam systems give you credit if emails you send pass an SPF check and so make it less likely that your emails will get marked as spam.

And what about forwarding emails to other email systems? It’s always bad idea, so don’t do it. Some anti-spam systems look further back through the path an email has taken and give credit if an earlier mail-server is listed in the SPF record.

An SPF record is a DNS record of type TXT stored on the DNS server responsible for your domain. Your domain will already have some DNS records: type A records are needed to operate a website and type MX records are required to operate email.

This website will display your current SPF record and also tell you if it is valid – just enter your domain where it says “Domain name:”,
https://www.kitterman.com/spf/validate.html
If your SPF record is valid that only means it follows the standards for creating an SPF record, is doesn’t necessarily mean that it’s correct.
To be correct the SPF record must list all the mail-servers that send out emails from your domain. A valid but incorrect SPF record can cause more problems that not having an SPF record at all.

Windows, MacOS and Linux all have built-in utilities for displaying DNS records. Here’s how to find your SPF record in Windows:-

• Open a Command Prompt by searching or running: cmd
  A black “terminal” window opens where you type a command, press enter, Windows shows a reply, you type the next command and so on. The previous commands/replies gradually scroll up the screen until they eventually disappear off the top.
  (40 years ago, before the Macintosh arrived, this was how all computers worked.)
• Enter the command: nslookup
• Enter the command: set type=txt
• Enter your domain name. The computer will then display any domain level TXT records. Your SPF record is the one that begins with “v=spf1”
  This doesn’t tell you if the SPF record is valid or correct, just if you have one and what it is.

Creating the correct, valid SPF record for your domain can be complicated. We’re happy to help you with this if you’re struggling.

Digital certificates have many security applications. They come as a pair, a Private Key and a Public Key, and, as the names suggest, the Private Key is stored securely by the organisation that owns it and the Public Key is made available for anybody that wants it. The trick is that if the Private Key is used to encrypt a file then only the Public Key is able to successfully decrypt it.

DomainKeys Identified Mail (DKIM) is where parts of an email are encrypted by a Private Key and the result of the encryption – the Hash – is included in the email as an additional header. The email system receiving this email fetches the corresponding Public Key, which is published as a DNS record, and uses it to decrypt the hash and check that the result matches the sections of the emails that were encrypted. If they do match this means the email is genuine, as only the originating domain could have encrypted it and published the Public Key. It also means that the sections that were encrypted haven’t been altered in transit. If the decrypted sections don’t match it means they have been altered since leaving the originating mail-server and so the email may have been interfered with.

So, the end of fake emails, right? Afraid not, many genuine email systems still don’t DKIM sign their emails, either out of ignorance, indifference or their mail-server can’t perform DKIM signing. Those that do DKIM sign their emails usually get credit by anti-spam systems.
DKIM signing doesn’t stop spam, just faked emails, as many spammers DKIM sign their emails.

You must also DKIM sign your emails with the key that is published at your domain’s DNS and not some other 3rd party domain, as faked emails can easily be DKIM signed by some other domain. Arrowmail’s filtering system gives no credit to emails that are DKIM signed by 3rd party domains.

So it’s definitely worth DKIM signing all outgoing emails from your domain as it usually doesn’t cost anything and it makes your email system look more professional and trustworthy.

You would only need such a rule if, as well as your main address, you have other email addresses, called aliases, that are being forwarded to your mailbox, and you want emails to these aliases to be automatically moved to a subfolder.

This sounds like a trivial question as there is already a rule condition called “sent to people or public group” that you can choose when creating an Inbox Rule.
The problem is that if you use this condition the rule becomes a “client only” rule which then only operates when you have Outlook open, instead of operating all the time, which is what you want. There must be a reason why Microsoft made rules that use this condition to be “client only” but I can’t work it out.

Anyway, the trick to get this rule to operate all the time is to select a different condition called “with specific words in the message header” and enter the alias address you want the rule to apply to as the words this rule uses.
The message header of an email is the section that contains the To, From and Subject lines plus many more headers that are not displayed in Outlook but contain information about the email.
It’s possible this rule will trigger when it shouldn’t if an email is sent to both your main email address as well as the alias or if the alias address happens to be in the Subject line, but this would be a rare occurance and would be a minor inconvenience.

It used to be that when you bought a new computer, if you paid an additonal £30, you would get a full version of Microsoft Office installed that lasted for the lifetime of the computer. Now, with Microsoft 365 (formerly Office 365) businesses need to pay over £11/month to rent a copy of Office for each employee. From Microsoft’s point of view, a recurring monthly income is better than a bigger one-off payment and so that’s why they are doing their best to push everyone towards the subscription model: lots of extra’s included and free upgrades to the latest version of Office. People are now more accepting of buying things with low monthly payments instead of a larger up front purchase for thingslike smartphones, leasing cars and “buy now pay later” websites but it’s not necessarily the best thing for the consumer, and you can still buy Microsoft Office for a one-off cost of around £30.

Why might buying Microsoft Office outright be better than renting it?

• It costs less than 6 months of rental payments
• Most people only need Word, Excel, Powerpoint and Outlook. The extras that are included with an Office subscription can mostly be obtained from other suppliers if needed, often for free.
• Most versions of Office, since Office 2013, look and behave the same and so being locked to, say, Office 2021 is unlikely to ever cause a problem. Maybe after 5 years when Microsoft stop supporting it, buy another permanent licence for the latest version.

So we are talking here about an Original Equipment Manufacturer (OEM) Microsoft Office licence which can only be installed on one computer, can’t be moved to a different one, and when that computer is scrapped the licence expires. There are plenty of places that sell OEM licences such as https://theunitysoft.com/
I have used this website in the past and it has worked, permanently without a problem. You download the Office installation file from the Microsoft Website, enter the licence code you have bought and it activates successfully. There are no tricks or hacks so my belief is that it is perfectly legal.
There are other unscrupulous websites that offer hacked versions of Office, usually for under £10, so, as with any Internet purchase these days, you have to be careful.

Buying Microsoft Office via a subscription might still be better for some people:-

• Charities, students and family subscriptions are usually discounted.
• Your company might be heavily dependent on OneDrive or Teams where the professional versions are only available with a subscription.
• You may be planning to replace your computer soon.
• Your IT support company may insist that you use Microsoft Office via the subscription method.

Yes, many people do. Why not just use a Gmail or Hotmail address – they are reliable, easy to setup and use and, oh yes, they’re free? This means you don’t have to buy your own domain name and organise an email system for it when you’re not familiar with the pitfalls of email. Before we get on to the “why not”s, here’s some advice for using a free email address for your business:-

• Free email addresses have been around for over 20 years and some now look dated so use one of the current popular ones. I recommend gmail.com, with icloud.com and outlook.com as runners up. Don’t use hotmail.com/co.uk, btinternet/btopenworld, yahoo or aol.
• It’s OK for the part of the address before the @ sign to be long – 20 characters is fine. All the nice short ones will already have been taken. Don’t use numbers unless there are numbers in your company name, so not julie5555@gmail.com
• Send you emails using the mail-server of the company that provided the address. Sounds obvious doesn’t it? If you are using the web version of Gmail then your emails are automatically sent using a Gmail server but if you are using your Gmail account in Outlook, on a phone, for sending mail-outs or for a website contact form you need to specify the outgoing (SMTP) server as smtp.gmail.com – a surprising number of people don’t. They might use the SMTP server of their Internet or phone provider, their website host or some email marketing service.
  An email from a Gmail address that hasn’t come from a Gmail server looks like a fake and is often blocked by email filters.
  You are supposed to be using a free email address to avoid pitfalls not to fall into them.
• Don’t specify a Reply-To address that is different to your From address – that sort of thing is what spammers do.

And now why you should go to the trouble of getting your own domain for your business emails:-

• A free email address doesn’t look professional. You might get away with it if you are a very small company but using a free email address, not having a landline number, not being VAT registered and having a company address that is obviously your house all say “small”.
  If you are a self-employed decorator or hairdresser then “small” is what people expect and you are just being honest but if you have dreams of building a corporate empire you need to look the part.
• ..er, a website? That’s hard to get without having your own domain name. A “.co.uk” domain is only around £10/year and then sorting out email is much simpler than organising a good-looking website. Many email providers will charge just a few pounds a month for email and good ones (ah-hem) will provide support to make sure your email operates professionally and the way you want it to.
• There are no guarantees that you can continue to use your free email address that you’ve just gone to the expense of printing on your business cards and painting on the side of your van. Gmail probably isn’t going anywhere but they could fall out with you for not complying wth their Acceptable Use Policy or your account could be hacked/hijacked and you might be unable to get it back under your control.
• Because free addresses are easy to get and untracable many spammers use them. The providers of the addresses do quickly detect this and disable the account but the spammer then just gets a new address. Many free email services therefore do have limits to the number and type of emails you can send. This usually isn’t problem for normal business and personal emails but you do have to be careful if you want to use it for email marketing – my advice is “don’t”.

Oops, there goes my blood pressure. The short answer is you can’t because there are laws against it. You would be sending Unsolicited Commercial Emails (UCE) which is the official name for spam. You are only allowed to send marketing emails to recipients who have previously and knowingly opted-in to received them from your company. This is great for telling existing customers about offers and new products but no good for getting new customers.

The long answer is, even though there are laws against it, nobody has ever been convicted of sending spam – maybe because spam is just annoying and there are actual threats out there for the authorities to concentrate on. It’s therefore left to members of the email industry, like Arrowmail, to do their best to block spam, and we do a pretty good job. But assuming that you are a genuine company with a real product or service to sell which isn’t a scam or a rip-off here is some genuine advice:-
It seems to be acceptable to show unsolicited advertising to people when they are getting something in return: with commercial TV you get programs to enjoy, a magazine cover price can be kept low because of the advertising revenue, and search engines, social media and other free apps are funded by advertising. I can only think of billboards as a form of unsolicited advertising that is still considered acceptable which has nothing in it for the viewer, except sometimes perhaps humour. So, to get new customers, spend your advertising budget on these other forms of advertising and keep email marketing for retaining your existing customers.