1 / 4

What is Sender Policy Framework (SPF)?

SPF is an acronym forSender Policy Framework. It outlines a form of authentication used by ISPs fordetecting fake sender addresses while receiving emails. DNS TXT records for thesending domain are used to determine if the sending IP address is a legitimateone. This is the very first step you can take to prevent spoofing of yoursending domains. The purpose of SPF is to rectify a vulnerability in the SMTP protocol wherein theSender Address is not validated.

spicesend
Download Presentation

What is Sender Policy Framework (SPF)?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. What is Sender Policy Framework (SPF)? SPF is an acronym forSender Policy Framework. It outlines a form of authentication used by ISPs fordetecting fake sender addresses while receiving emails. DNS TXT records for thesending domain are used to determine if the sending IP address is a legitimateone. This is the very first step you can take to prevent spoofing of yoursending domains. The purpose of SPF is to rectify a vulnerability in the SMTP protocol wherein theSender Address is not validated. A brief history of SPF (Sender Policy Framework) The very first time SPFwas mentioned was way back in the year 2000 but it went mostly unnoticed. Asecond attempt was made later in the year 2002 and that was the genesis of theSender Policy Framework that we know today. The first experimental RFC wascreated in 2006 and was published as a proposed draft RFC 7208 in the year 2014.

  2. How does Sender Policy Framework (SPF) work SPF allows you tospecify which email servers are authorized to send emails on your behalf, thisis accomplished using DNS records. Receiving emailservers will verify the SPF information included in the DNS records of thesending domain and will accordingly either flag the email as SPF pass or fail,in most cases, the mail that doesn't pass the SPF test is rejected. What is an SPF record SPF record is a DNS TXTrecord that specifies the servers are allowed to send mail on behalf of yourdomain. In most cases, there should just be just a single SPF record perdomain. An example of an SPFrecord is a TXT record like the one given below. yourdomain.com, TXT, "v=spf1 a mxinclude:anotherdomain.com ~all" In this example, thevalid senders are the servers in the 'A' and 'MX' record for 'yourdomain.com'and the servers described in the SPF TXT records for 'anotherdomain.com'. How do we verify our SPF records? The first thing youmight want to do is check if you have published your DNS TXT record for SPFcorrectly. Going back to the example we looked at earlier. yourdomain.com, TXT, "v=spf1 a mx include:anotherdomain.com~all" You can see that it ends with '~all', now there are a few other options for the qualifier '~'. It can any of the four values given below.

  3. "+" Pass "-" Fail "~" SoftFail "?" Neutral Evaluation of the SPFrecord have the following results based on the four qualifiers: Result Explanation Intended action Pass accept The record indicates that this host can send email on behalf of the domain Fail reject The record indicates that the host shouldn't be allowed to send SoftFail The record indicates that the host shouldn't be allowed to send but is in transition accept but mark Neutral accept The record indicates that nothing can be said about validity None The domain doesn't have a valid SPF record accept PermError unspecified The record is poorly formatted which has lead to a permanent error TempError A transient error has occured accept or reject Fortunately there are afew good online tools that can verify that you have setup your SPF recordscorrectly.

  4. 1.Scott Kitterman's SPF tools: https://www.kitterman.com/spf/validate.html 2.Mxtoolbox's SPF lookup: https://mxtoolbox.com/spf.aspx 3.Dmarcanalyzer: https://www.dmarcanalyzer.com/spf/checker/ Limitations of SPF (Sender Policy Framework) The SPF policy clearly statesthat you can't have more than 10 DNS lookups to resolve a single SPF record, sowhen you are allowing another service to send on your behalf make sure thattheir SPF records don't go further back. Every time you changeyour mail servers you will need to modify the SPF records with the newinformation. SPF records refer tothe return-path header in your emails, they are unfortunately not connected tothe readable "From" address that shows up in the content, most peoplenever look at the return-path and that becomes a problem. How this benefits you Even though it's not mandatory for you to publish an SPF record for your domain, having that enables your email recipients to authenticate against the same . SPF in itself doesn't guarantee that your domain will be unspoofable but when used in conjunction with DKIM and DMARC it can be very effective. Need an email marketing tool with great email deliverability? Try SpiceSend today - forever free, for up to 5000 emails per month!

More Related