SPF - Sender Policy Framework


SPF is an open source standard that is emerging as a way to prevent spammers from using forged sender addresses. The following description is taken from the official SPF website at http://spf.pobox.com:

Domains use public records (DNS) to direct requests for different services (web, email, etc.) to the machines that perform those services. All domains already publish email (MX) records to tell the world what machines receive mail for the domain.
SPF works by domains publishing "reverse MX" records to tell the world what machines send mail from the domain. When receiving a message from a domain, the recipient can check those records to make sure mail is coming from where it should be coming from.
With SPF, those "reverse MX" records are easy to publish: one line in DNS is all it takes. Suppose a spammer forges a hotmail.com address and tries to spam you.

He connects from somewhere other than hotmail.

When his message is sent, you see MAIL FROM: <forged_address@hotmail.com>, but you don't have to take his word for it. You can ask Hotmail if the IP address comes from their network.

(In this example) Hotmail publishes an SPF record. That record tells you (your computer) how to find out if the sending machine is allowed to send mail from Hotmail.

If Hotmail says they recognize the sending machine, it passes, and you can assume the sender is who they say they are. If the message fails SPF tests, it's a forgery. That's how you can tell it's probably a spammer.

SpamFilter ISP looks up SPF DNS records for all incoming emails. If an SPF record exists, the query results can be any one of the following:

- Pass: the message meets the domain's definition of legitimacy.
- Neutral: the message does not meet the domain's definition of legitimacy, but the SPF client MUST proceed as if the domain did not publish SPF data. Likely used by domains in a transition phase that are beginning to adopt SPF.
- Softfail: the message does not meet the domain's strict definition of legitimacy, but the domain cannot confidently state that the message is a forgery.
- Fail: the message does not meet the domain's definition of legitimacy.

If the result is "Pass", the email passes the SPF filter. The action taken for each of the other results (Neutral, Softfail, Fail) can be configured by the administrator in the SpamFilter GUI, in the Settings - SPF Filter tab.
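As an added illustration (not code from SpamFilter ISP or from the SPF project), the following Python sketch performs the receiver-side check described above against constructed DNS data: it evaluates the ip4, ip6 and all mechanisms of a published record against the connecting IP, yields the four results listed, and maps each result to a configurable filter action. The domain names, addresses and the policy table are constructed examples.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups; documentation ranges, not real records.
FAKE_DNS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "transition.example": "v=spf1 ip4:198.51.100.10 ?all",
    "soft.example": "v=spf1 ip4:203.0.113.0/24 ~all",
}

# Qualifier prefix on a mechanism -> SPF result when that mechanism matches.
QUALIFIERS = {"+": "Pass", "-": "Fail", "~": "Softfail", "?": "Neutral"}


def check_spf(sender_ip, mail_from_domain, dns=FAKE_DNS):
    """Evaluate the MAIL FROM domain's SPF record against the connecting IP."""
    record = dns.get(mail_from_domain)
    if record is None or record.split()[0].lower() != "v=spf1":
        return "None"                        # domain publishes no SPF data
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"                      # no prefix means "+" (Pass)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":                    # catch-all: its qualifier decides
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "PermError"           # malformed address in the record
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            # a, mx, include, exists and modifiers need further DNS queries;
            # they are not implemented in this example.
            return "PermError"
    return "Neutral"                         # RFC 7208 default when nothing matched


# Per-result action of the receiving filter. "Pass" is always accepted; the
# other entries are the administrator-configurable cases described above.
DEFAULT_POLICY = {"Fail": "reject", "Softfail": "tag", "Neutral": "accept", "None": "accept"}


def filter_action(result, policy=DEFAULT_POLICY):
    """Map an SPF result to the filter's action under the given policy."""
    if result == "Pass":
        return "accept"
    return policy.get(result, "accept")
```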


In SpamFilter Enterprise, each setting can be configured independently for each email domain.


Figure 5