Sender policy framework

Sender Policy Framework , SPF ( Sender Policy Framework ^[1] ) - extension for the protocol for sending email via SMTP . SPF is defined in RFC 7208 .

Thanks to SPF, you can check if the sender’s domain has been tampered with.

Content

1 principle of operation
2 prevalence
3 See also
4 notes
5 Links

Principle of Operation

SPF allows the domain owner to specify in the TXT record ^[2] corresponding to the domain name a list of servers that have the right to send email messages with return addresses in this domain .

Mail transfer agents receiving mail messages can request SPF information using a simple DNS query, thus verifying the sender server.

Example SPF data in a TXT DNS record:

  example.org.  IN TXT "v = spf1 + a + mx -all"

The “+” symbol is the default qualifier and may be omitted. The following example is similar to the previous one:

  example.org.  IN TXT "v = spf1 a mx -all"

v= defines the version of SPF to use. The following is a list of verification mechanisms: in this case, “a” allows receiving messages from a host whose IP address matches the IP address in the A record for example.org; “Mx” allows receiving messages if the sending node is specified in one of the MX records for example.org. The line ends with “-all" - indicating that messages that fail verification using the above mechanisms should be rejected. “~ All” can also be used - in this case, a letter that has not passed verification should not be rejected, but can be examined more carefully (SoftFail).

It should be noted that RFC 7208 defines various test results, including "Permerror" in case of an incorrect SPF record. One of the cases of an incorrect record is the presence of more than one record "v = spf1" (3.2. Multiple DNS Records). Care should be taken when creating the record and consult with RFC 7208 . On the Web, you can find online services for checking SPF records.

Prevalence

SpamAssassin version 3.0.0 and ASSP spam filtering software provide SPF support. Many Mail Transfer Agents (MTAs) have built-in SPF support ( CommuniGate Pro , Wildcat , Exim , Microsoft Exchange Server ). For other MTAs, there are patches or extensions that provide an implementation of SPF ( mailfromd for Postfix , Sendmail and MeTA1 ; SPF implementation for qmail ).

Currently, most well-known Internet services ( Amazon , AOL , EBay , Google , Hotmail , Microsoft , W3C ) and Runet ( Mail.ru , Yandex , Rambler , Pochta.ru ) provide SPF information about their domains.

Notes

↑ Using the Sender Policy Infrastructure Record to Validate Email Sent from a MSDN Domain
↑ The concept of SPF RR was introduced in RFC 4408 , but the use of SPF RR was deemed unnecessary in RFC 7208

Links

Sender Policy Framework - the official website of the standard.
Google Apps - “What are SPF Records, Creating an SPF Record”
Alexey Tutubalin “SPF technology - to introduce or wait?”
Microsoft Wizard

[1] Using the Sender Policy Infrastructure Record to Validate Email Sent from a MSDN Domain

[2] The concept of SPF RR was introduced in RFC 4408 , but the use of SPF RR was deemed unnecessary in RFC 7208