SPF
Framework to prevent forgery of email-sender address
The Sender Policy Framework (SPF) allows software to identify emails that have forged sender addresses
before they enter a system.
The normal SMTP protocol allows anyone to send an email with an arbitrary 'From' address, a method that
is widely used by spammers to prevent their messages from being filtered and to make
their emails appear genuine.
If a domain supports SPF, it stores in its DNS entries those IP addresses that
are allowed to send email from the domain. A receiving SMTP server can compare the IP address that tries
to send an email with the allowed addresses of the domain(s) provided in the HELO and
MAIL FROM commands.
SPF has two benefits: it helps the receiving mail server block spam before it enters the system
and it helps reduce backscatter spam for users on the domain that is being forged.
SPF does not block spammers who use their own domains to send email, nor will it block
spammers who use legitimate email services, such as webmail, to send their spam, or users who pretend to be
another user on the same domain. In theory it is also possible to use SPF for DoS attacks on
DNS servers.