For almost as long as there have been emails - spam has been a cause for concern for most. Not only for the targeted individuals, but also for the companies whose brands and addresses have been misused and products sold illegally. This month we turn our focus towards the Sender Policy Framework as a means for domain holders to combat the ever illusive problem of SPAM.
Introduction
SPF was introduced back in 2005 and has since then become widely used as a means for domain name administrators to defend their domain name(s) from being misused by spammers to send out unconsolidated commercial emails.
How does it work?
Implemented into the DNS TXT record of any given domain name, the SPF record holds a list of addresses, which has been set as valid sender(s) for the given domain name. The recipients mail server can then validate the origin of emails received simply by checking the DNS settings of the senders domain name. Obviously this alone does not guarantee that the emails you send will be cleared by the recipients spam filter. However it should make them a lot less likely to be marked as SPAM.
Example
A company with the domain name test.com wish to configure an SPF record for their domain name. They are using the email server smtp.isp.edu (IP: 123.123.123.123) as their outgoing SMTP-server. Furthermore they have a website application from where they send automated emails to their clients. The web server for this application is located at IP 111.222.111.222.
The SPF record for this setup could look something like this:
“v=spf1 a:smtp.isp.edu ip4:111.222.111.222 -all”
By adding the above record we can tell other mail servers that emails send from @test.com addresses, either via smtp.test.com or via 111.222.111.222, are legitimate emails. Everything else is not and should be dealt with accordingly.
How does this concern me?
Well, SPAM concerns everyone. From a general point of view you can help in the fight against SPAM. The Sender Policy Framework is designed to become increasingly efficient - The more domain names using SPF records, the more ISPs (Internet Service Providers) would be inclined to implement these checks; thus helping everyone.
From your point of view spammers will be less likely to use your domain name as the sender address when they spam. This should reduce/eliminate bounced emails send back to you in response to messages that you did not actually send in the first place as well as any attempt in spoofing activities using your domain name as the sender.
Last but not least, emails that you send will be less likely not to reach their destination. This should be enough of an incentive for any company to consider implementing SPF records in the DNS of domain name.
External resources & links
To learn more about SPF records, try the one of the following sites.
SPF Introduction
Open SPF, Introduction
SPF Common mistakes
Open SPF, Common mistakes
SPF Wizard
Open SPF, Wizard
Wikipedia
Wikipedia, Sender policy framework




