Sender Policy Framework (SPF)

SPF (in this context) stands for Sender Policy Framework. It is an authentication scheme intended to prevent address spoofing. So what is address spoofing? Ever get a rejected email (called an email bounce-back message), that says a message that you sent couldn't be delivered? You check the message, and discover you never sent it in the first place?!!? This is often caused by some spammer using your email address as the reply-to address on their spam, and is called address-spoofing.

SPF helps elimate address-spoofing, if set up properly. Basically, all you have to do to use SPF to protect your email addresses is to indicate what computers or devices are allowed to send email from your domain. This information is included in the SPF record, which many email utilities (such as SpamAssassin) make easy to create. Then, if mail is received from any other address other than that of the machines you've listed in your SPF record but claims to be from you, the recipient's server believes that it's a spammer and can reject the message.

Sound good? It is, except...

1. Make sure that if you are going to travel, or have remote offices, that you include all possible domains from which you may send email in your SPF record, so that your recipient's servers don't reject your email!

2. This only works if the recipients' email servers check SPF records. Some may not.

Still, it's a good thing to implement, and may reduce the amount of spam you get, and more importantly keep your address reputation in tact, and off the blacklists!

For more information on SPF records, please check out the following link: