Home Reviews What is SPF?

What is SPF?

0
What is SPF?

What is SPF?

SPF was initiated by Meng Weng Wong of pobox.com to enable validation of legitimate sources of email for a domain and is now an IETF standard (RFC 4408).

An SPF record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain.

The purpose of an SPF record is to prevent spammers from sending messages with forged From addresses at your domain. Recipients can refer to the SPF record to determine whether a message purporting to be from your domain comes from an authorized mail server.

If your domain does not have an SPF record, some recipient domains may reject messages from your users because they cannot validate that the messages come from an authorized mail server.

In this way, SPF helps mail servers distinguish forgeries from real mail by making it possible for a domain owner to say, “I only send mail from these machines”. That way, if any other machines try to send mail from that domain, the mail server knows that the From address is forged. Briefly, the design intent of the SPF resource record (RR) is to allow a receiving MTA (Message Transfer Agent) to interrogate the Name Server (DNS) of the domain which appears in the email (the sender) and determine if the originating IP of the mail (the source) is authorized to send mail for the sender’s domain. The mail sender is required to publish an SPF RR (documented here) in the DNS zone file for their domain but this is transparent to the sending MTA.

In the last years, SPF records are increasingly being used as a filter for email. That means that failing to put one on your domains (or that of your clients) can result in email being sent directly to the spam bin, bounced back or even deleted.

SPF vs Sender ID

SPF and Sender ID are not the same. They differ in what they validate and what layer of the e-mail system they are concerned with, but both use the same syntax for their policy records:

  • SPF validates the HELO domain and the MAIL FROM address against the policies published via DNS (SPF record).
  • Sender ID is a Microsoft protocol derived from SPF which validates one of the message’s address header fields defined by RFC 2822. Since it was derived from SPF, Sender ID can also validate the MAIL FROM. But it defines the new PRA identity to validate, and defines new sender policy record tags that specify whether a policy covers MAIL FROM (called MFROM by Sender ID), PRA, or both.

The tag for SPF records is “v=spf1” while Sender ID is using other tags like “spf2.0/pra”, “spf2.0/from”,…

Which is better? Neither is better because they solve different problems:

  • SPF can be compared to other SMTP layer protocol like CSV/CSA.
  • Sender ID can be compared to other RFC 2822 layer protocols like DomainKeys IM(DKIM)