SPF - Sender Policy Framework

SPF (Sender Policy Framework; IETF publication RFC 7208 dated April 2014, see https://tools.ietf.org/html/rfc7208) is an authentication standard that allows domain owners to specify which servers are authorized to send email with their domain in the Mail From: email address. SPF allows receivers to query DNS to retrieve the list of authorized servers for a given domain. If an email message arrives via an authorized server, the receiver can consider the email authentic.

Sender Policy Framework: A DNS-based technology that allows a domain owner to specify a limited set of IP addresses that email for that domain may be sent from. The domain authenticated by SPF is not the “header From” domain visible in most email clients. SPF authenticates the envelope domain, also called the MailFrom domain, described in RFC 5321. This domain typically appears in the “Return-Path:” message header. See also: http://www.openspf.org/

example.net. IN TXT "v=spf1 a mx -all"

Example DNS Record for SPF

NOTE: SPF is not ideal for all email use cases and can fail if a message is forwarded. The Mail From: domain authenticated by SPF is not easily visible to an email recipient.

The framework defines an authentication process that ties the “5321.from” address (also known as the Mail From, Envelope From or Return Path) to authorized sending IP addresses. This authorization is published in a TXT record in DNS.

Receivers can check SPF at the beginning of an SMTP transaction and compare the 5321.from domain to the connecting IP address to determine if the connecting IP is authorized to transmit mail for that domain.

By publishing an SPF record for a domain, you are asserting that email should only originate from IP addresses in the published record.
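The receiver-side check described above, as an added example (not code from the original page): a minimal Python evaluator for the a, mx, ip4, ip6 and all mechanisms, run against a constructed in-memory zone for example.net. The zone data, addresses and function names are assumptions made for illustration; include, redirect, macros, AAAA lookups and DNS lookup limits are not handled.

```python
import ipaddress

# Constructed in-memory DNS data (documentation addresses); no network lookups.
ZONE = {
    ("example.net", "TXT"): ["v=spf1 a mx -all"],
    ("example.net", "A"): ["192.0.2.10"],
    ("example.net", "MX"): ["mail.example.net"],
    ("mail.example.net", "A"): ["192.0.2.25"],
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    return ZONE.get((name.rstrip(".").lower(), rtype), [])


def mechanism_matches(mech, arg, domain, ip):
    if mech == "all":
        return True
    if mech in ("ip4", "ip6"):
        return ip in ipaddress.ip_network(arg, strict=False)
    if mech == "a":
        hosts = [arg or domain]
    elif mech == "mx":
        hosts = lookup(arg or domain, "MX")
    else:
        return False  # include, exists, ptr, modifiers: not handled in this sketch
    return any(ip == ipaddress.ip_address(a) for h in hosts for a in lookup(h, "A"))


def check_spf(mail_from, connecting_ip):
    """Return the SPF result for the envelope (Mail From) domain and client IP."""
    domain = mail_from.rsplit("@", 1)[-1]
    ip = ipaddress.ip_address(connecting_ip)
    records = [t for t in lookup(domain, "TXT") if t.split(" ")[0].lower() == "v=spf1"]
    if not records:
        return "none"  # the domain publishes no SPF policy
    # Terms are evaluated left to right; the first match decides the result.
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if mechanism_matches(mech.lower(), arg, domain, ip):
            return RESULTS[qualifier]
    return "neutral"  # no mechanism matched and the record has no "all" term
```

With this zone, a forwarder relaying from 198.51.100.7 while keeping the original Mail From gets "fail", which is the forwarding limitation noted above.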

Details about SPF include:

  • SPF record syntax
  • SPF record length
  • SPF alignment
