What is SPF and how does it work?

Sender Policy Framework

SPF - Sender Policy Framework

SPF focuses on the domain found in an email header that goes by many names: Return-Path, Mail-From, Bounce Address, Envelope From. In this article we will refer to it as the Return-Path. If this header is missing, SPF falls back to the HELO/EHLO hostname and checks that name for an SPF record.

SPF verifies whether an email was sent by an authorized sender by checking a list of authorized IP addresses that you publish in your DNS. The receiving server takes the domain found in the Return-Path header, looks up its SPF record, and checks whether the IP address that delivered the email is contained in that record.

If the IP address is contained in the SPF record, it is authorized to send email for that domain and SPF passes. If the IP address is not in the SPF record, SPF fails.

  • The overall logic is:

If the sending IP address is contained in the SPF record = SPF PASS

If the sending IP address is not contained in the SPF record = SPF FAIL

How does SPF work?

How SPF prevents spoofing and phishing

  • Each SPF record contains three parts -

    1. The declaration part, which identifies the record as an SPF record

    2. The IP addresses that are allowed to send email on behalf of your domain

    3. The enforcement rule

  • SPF record explanation -

    v=spf1 ip4:<IP address #1> ip4:<IP address #2> ip4:<IP address #3> <Enforcement Rule>

    Each address is written with the ip4: (or ip6:) mechanism, optionally with a /prefix length to cover a whole range; a bare IP address without that prefix is not valid SPF syntax.
  • The enforcement rule has the following options -

    1. -all (Hard Fail) - Mark the message as 'Hard Fail' - use when you know all the IP addresses for your domain

    2. ~all (Soft Fail) - Mark the message as 'Soft Fail' - use when you are not sure that you have the complete list of IP addresses.

    3. ?all (Neutral) - Mark the message as 'Neutral' - use when testing SPF
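As an added example (not code from the original article), here is a minimal SPF evaluator in Python that walks the three parts described above: it takes the Return-Path domain (or the HELO hostname when the Return-Path is empty), looks up the record in an in-memory table that stands in for the DNS TXT lookup, matches the sending IP against the ip4:/ip6: mechanisms, and applies the enforcement rule. The domains, addresses and records are constructed sample data; mechanisms other than ip4/ip6/all are deliberately not modelled.

```python
import ipaddress

# Constructed sample DNS data standing in for the TXT lookup a real receiver
# would perform against the Return-Path domain (assumption for this example).
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.10 ip4:198.51.100.0/24 ip6:2001:db8::/32 -all",
    "soft.example": "v=spf1 ip4:203.0.113.5 ~all",
    "test.example": "v=spf1 ip4:203.0.113.5 ?all",
    "mail.example.com": "v=spf1 ip4:192.0.2.10 -all",
}

# Qualifier on a mechanism (including the "all" enforcement rule) -> SPF result.
QUALIFIER_RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sending_ip, return_path, helo=""):
    """Evaluate SPF for sending_ip using the Return-Path domain.

    If the Return-Path is empty (e.g. a bounce), fall back to the HELO/EHLO
    hostname, as the article describes. Returns one of: pass, fail, softfail,
    neutral, none, permerror.
    """
    domain = return_path.rsplit("@", 1)[-1] if return_path else helo
    record = SPF_RECORDS.get(domain.lower())
    if record is None:
        return "none"            # no SPF record published for this domain
    terms = record.split()
    if terms[0].lower() != "v=spf1":
        return "none"            # declaration part missing: not an SPF record
    ip = ipaddress.ip_address(sending_ip)
    for term in terms[1:]:
        qualifier = "+"          # a mechanism with no prefix means "pass"
        if term[0] in QUALIFIER_RESULTS:
            qualifier, term = term[0], term[1:]
        if term.lower() == "all":
            return QUALIFIER_RESULTS[qualifier]   # enforcement rule reached
        mech, _, value = term.partition(":")
        if mech.lower() not in ("ip4", "ip6"):
            continue             # include/a/mx etc. are not modelled here
        try:
            network = ipaddress.ip_network(value, strict=False)
        except ValueError:
            return "permerror"   # malformed address in the published record
        if ip in network:        # an IPv4/IPv6 version mismatch never matches
            return QUALIFIER_RESULTS[qualifier]
    return "neutral"             # record ended without an "all" term
```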

SPF Record Example -