SPF

From Postmaster Administration Wiki

Sender Policy Framework

SPF is a protocol for documenting an organisation's official outbound mail servers. A receiving server checks the SMTP client's connecting IP address (or host name) against the list of hosts published in a DNS TXT or SPF resource record for the domain of the envelope sender given during the SMTP transaction. This lets the receiver cross-check domains against mail servers and weed out phishing and domain-spoofing attempts.
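As an added example (not part of this wiki page and not OpenSPF's tooling), a minimal receive-side evaluator for the check just described: it takes the connecting client IP and the envelope sender's domain, fetches that domain's record from a constructed in-memory table that stands in for DNS TXT lookups, and returns the SPF result. It supports only the ip4, ip6, include and all mechanisms; anything else yields permerror.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups (documentation addresses, not real hosts).
FAKE_TXT = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip6:2001:db8::/32 ~all",
}

# Qualifier prefix on a mechanism -> SPF result when that mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, sender_domain, txt=FAKE_TXT, depth=0):
    """Evaluate the envelope sender's SPF record against the connecting IP."""
    if depth > 10:  # guard against include: loops
        return "permerror"
    record = txt.get(sender_domain)
    if record is None or not record.lower().startswith("v=spf1"):
        return "none"  # no published policy: nothing to enforce
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:  # skip the v=spf1 version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed address or prefix
            matched = ip.version == net.version and ip in net
        elif mech == "include":
            inner = check_spf(client_ip, arg, txt, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"  # included domain must publish a valid record
            matched = inner == "pass"
        else:
            return "permerror"  # a/mx/ptr/exists and modifiers not handled here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # record exhausted without a match
```

A record ending in -all causes a fail result for any host the organisation did not list, which is why the outbound server list has to be kept complete.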


Disadvantages

  • The SPF syntax can be a little complex and error prone. OpenSPF has tools to help with validating records.
  • SPF has problems when used in conjunction with mailing lists, for which SRS or VERP were proposed solutions.
  • For SPF to work effectively, an organisation has to accurately document and maintain its outbound mail servers. This may involve accounting for nomad users on 3rd-party networks; for this reason an organisation should provide a Mail Submission Port (587) that handles mail for its domains, instead of letting its nomads send mail from untrusted networks.
  • Adoption has been slow.


Advantages

  • Works pre-DATA in an SMTP transaction.
  • Works well in conjunction with DKIM, now part of the DMARC specification.


References

  • RFC 4408 Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail, Version 1
  • RFC 6376 DomainKeys Identified Mail (DKIM) Signatures
  • OpenSPF