SPF is an abbreviation of Sender Policy Framework, which is an email validation system designed to detect email spoofing.
Why was SPF implemented?
Before 2002, when the idea of SPF was brought to public attention and stirred a broad discussion, electronic mail exchange relied on SMTP (Simple Mail Transfer Protocol), with no additional sender address checking. The problem of SMTP is that it does not verify the validity of the sender's address, so the the sender can put any email address they want in the "from" section.
This deficiency was frequently taken advantage of by spammers and phishers. Phishers could enter a forged email address in the "from" section and send emails to bank clients, who, not suspecting anything untoward, shared personal bank details. This way, spammers and phishers were hiding their real identity and avoiding responsibility.
How does SPF work?
SPF allows the users to specify which computers are authorized to send emails from the domain name they have registered in the DNS. As the "from" section is at the beginning of the SMTP dialog, receivers can verify the SPF record. If the source address in the "from" section is unauthorized, the message gets rejected.
If the email address does not hold any SPF record, it is likely to be caught up in the spam filters, which improves the general situation with spamming.
Published: 2016-09-19 Last Updated: 2019-03-11