Nearly all abusive/spam email messages are sent using a fake/spoofed sender address.
SPF is an email validation system designed to detect email spoofing by providing a set of rules that allow receiving mail servers to check that incoming mail claiming to come from a domain was sent by a host authorized by that domain's administrators.
The Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery. More precisely, the current version of SPF — called SPFv1 or SPF Classic — protects the envelope sender address, which is used for the delivery of messages.
Like paper mail letters, email messages have at least two kinds of sender addresses: one on the envelope and one in the letterhead:
- The envelope sender address (sometimes also called the return-path) is used during the transport of the message from mail server to mail server, e.g. to return the message to the sender in the case of a delivery failure. It is usually not displayed to the user by mail programs.
- The header sender address of an e-mail message is contained in the "From" or "Sender" header and is what is displayed to the user by mail programs. Generally, mail servers do not care about the header sender address when delivering a message.
(There are other solutions that protect the header sender address or that do not care at all about who sent the message, only who originally wrote it.)
Even more precisely, SPFv1 allows the owner of a domain to specify their mail sending policy, e.g. which mail servers they use to send mail from their domain. The technology requires two sides to play together: (1) the domain owner publishes this information in an SPF record in the domain's DNS zone, and when someone else's mail server receives a message claiming to come from that domain, then (2) the receiving server can check whether the message complies with the domain's stated policy. If, e.g., the message comes from an unknown server, it can be considered a fake.
For more information, please visit the official SPF website: http://www.open-spf.org/
Example SPF TXT Record

Snippets from a fictitious forward lookup 'yourdomain.com' zone file:

```
; Zone records
; Use if: The domain sends no mail at all.
; Use to: Allow domain's MXes to send mail for the domain and prohibit all others.
@    IN    TXT    "v=spf1 mx -all"
```

The record shown implements the second comment: `mx` authorizes every host listed in the domain's MX records, and `-all` tells receivers to reject mail from any other source. A domain that sends no mail at all publishes no mechanism before `-all`, so that every sender fails the check.
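To make the two-sided process described above concrete (the domain owner publishes a policy in DNS, the receiving server evaluates the connecting host's IP against it), here is a deliberately simplified SPF evaluator. It is an added example, not code from this page or from the SPF project, and it resolves names against a constructed in-memory DNS table (`FAKE_DNS`, with made-up hostnames and documentation-range IP addresses) rather than real DNS. It supports the `all`, `ip4`, `a`, `mx` and `include` mechanisms with the four qualifiers, reads only TXT records (no SPF RR type), and returns the RFC 7208 result names; real deployments should use a full library (pyspf, libspf2) that also handles macros, `exists`, `redirect`, IPv6 and the DNS lookup limit precisely.

```python
import ipaddress

# Constructed in-memory "DNS" for the demo: every name and address here is made up.
FAKE_DNS = {
    "yourdomain.com": {"TXT": ["v=spf1 mx -all"], "MX": ["mail.yourdomain.com"]},
    "mail.yourdomain.com": {"A": ["192.0.2.10"]},
    "nomail.example": {"TXT": ["v=spf1 -all"]},                       # sends no mail
    "bulk.example": {"TXT": ["v=spf1 ip4:203.0.113.0/24 -all"]},       # bulk sender
    "shop.example": {"TXT": ["v=spf1 include:bulk.example ~all"]},     # delegates to bulk.example
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    """Stand-in for a DNS query against the constructed table."""
    return FAKE_DNS.get(name.lower(), {}).get(rtype, [])


def spf_record(domain):
    """Return the domain's single v=spf1 TXT record, or None if absent/ambiguous."""
    recs = [t for t in lookup(domain, "TXT")
            if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]
    return recs[0] if len(recs) == 1 else None


def ip_in(ip, cidr):
    """True if ip lies inside cidr (a bare address is treated as a /32)."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def check_host(ip, domain, depth=0):
    """Simplified RFC 7208 check_host(): evaluate mechanisms left to right, first match wins."""
    if depth > 10:                      # crude stand-in for the 10 DNS-lookup limit
        return "permerror"
    record = spf_record(domain)
    if record is None:
        return "none"                   # no policy published: receiver cannot decide
    for term in record.split()[1:]:     # skip the "v=spf1" version tag
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip_in(ip, arg)
        elif name == "a":
            matched = any(ip_in(ip, a) for a in lookup(arg or domain, "A"))
        elif name == "mx":
            hosts = lookup(arg or domain, "MX")
            matched = any(ip_in(ip, a) for h in hosts for a in lookup(h, "A"))
        elif name == "include":
            matched = check_host(ip, arg, depth + 1) == "pass"
        else:
            return "permerror"          # unknown mechanism: record is malformed
        if matched:
            return QUALIFIERS[qual]
    return "neutral"                    # nothing matched (RFC 7208 section 4.7)


def check_mail_from(ip, mail_from):
    """Receiver-side entry point: take the envelope sender (return-path) and check its domain."""
    domain = mail_from.rsplit("@", 1)[-1]
    return check_host(ip, domain)


if __name__ == "__main__":
    for ip, sender in [("192.0.2.10", "alice@yourdomain.com"),
                       ("198.51.100.7", "alice@yourdomain.com"),
                       ("198.51.100.7", "noreply@nomail.example"),
                       ("203.0.113.5", "orders@shop.example")]:
        print(f"{ip:>13}  {sender:<26} -> {check_mail_from(ip, sender)}")
```

The evaluator is driven by the envelope sender, not the "From" header, which matches the scope of SPFv1 stated above: a message from the MX host 192.0.2.10 passes for yourdomain.com, the same envelope sender from an unlisted address fails, every sender fails for the "sends no mail" domain, and shop.example's `~all` only downgrades unknown sources to softfail.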
SPF Syntax Details

For more information, please review the SPF Record Syntax: http://www.open-spf.org/SPF_Record_Syntax#include
Special note regarding the obsolete 'SPF' DNS RR Type
The use of the alternative DNS RR type that was supported during the experimental phase of SPF was discontinued in 2014.
SPF records must now be published only as a DNS TXT Resource Record (RR) [RFC 1035].
See RFC 7208 for further detail on this change.
According to RFC 7208 Section 3.1:
During the period when SPF was in development, requirements for assigning a new DNS RR type were more stringent than they are today and support for the deployment of new DNS RR types was not deployed in DNS servers and provisioning systems. The end result was that developers of SPF discovered it was easier and more practical to follow the TXT RR type for SPF.
- DomainKeys Identified Mail (DKIM)
- Domain-based Message Authentication, Reporting & Conformance (DMARC)
- DNS 'TXT' Resource Record (RR) Type