Sender Policy Framework

Sender Policy Framework (SPF) tackles email address forgery. Without SPF it is very easy to send e-mails using someone else’s email address. Often you get spam from yourself – this is because the spammer puts your e-mail address as the sender.
In order for SPF to work you need to publish a list of IP addresses that are used to send e-mails to other users on the Internet. When you send an email to someone else on the Internet your SMTP server connects to the recipient’s SMTP server, which knows the IP address of your SMTP server. The recipient’s server can compare this IP with the published records in the DNS for your domain. This is how the recipient’s server can find out if the email was sent by your server or someone posing to be a user on your domain.
adview

Does SPF stop spam?

SPF can stop spam to a certain extent. Although spammers can still send you unwanted e-mails, they will be forced to use their own domain. SPF can effectively stop viruses or worms from an infected machine that send out thousands of message to everyone found in your address book.

How do I publish my IP Addresses?

Follow the steps below to publish SPF records.

  • Gather the list of IP addresses that you know can send email to the Internet from your organization
  • Use this wizard to create an SPF entry for your DNS
  • Update your DNS with the string created by the wizard

Once your DNS contains necessary SPF constructs, any server can query it to find out what IP addresses should your email come from.

Example

For the purpose of this example let us assume the following is true:

Your domain name is: mydomain.com
Your e-mail is handled by: There are 2 MX records defined in the DNS 199.199.199.1 199.199.199.2
Your web address is: This refers to your A record 199.199.199.3 199.199.199.4
Other SMTP servers on your network: 199.199.199.5 199.199.199.6
No other servers are used to send out e-mails for “mydomain.com”

You can enter the following SPF record, which is a TXT record in the DNS like:

​"v=spf1 a mx ip4:199.199.199.5 ip4:199.199.199.6 -all"

This entry tells the recipients SMTP server that an email where the sender’s address contains “mydomain.com” can only come from certain IP addresses. If any other IP address is used to send message the recipient can reject it.
Each element in the SPF string is separated by a white space. The table below explains what each entry means.

v=spf1 This is the version of SPF
a Signifies that email can come from any IP address listed as an A record in the DNS
mx Signifies that email can come from any IP address listed as an MX record in the DNS
ip4:199.199.199.5 Email can also come from these IP addresses
-all This means that email can only come from these IP address. If any other IP address is used the recipient should reject it. Click here for other possible values for this field.

This Document is provided by ITA Networks, home of your total email security solution Spam Marshall. Please visit www.itanetworks.com for more info.

Further Reading

You might also want to read the following related articles:

Links

Spam Marshall Home Page