What is SPF (Sender Policy Framework) And Overview of SPF mechanism

The Meaning of SPF (Sender Policy Framework)

Sender Policy Framework (SPF) is a validation system that allows ISPs and mail servers to check if the incoming mail has been sent from an authorized server. By using the IP address of the sending server and the DNS records of your domain, ISPs can check if the sending server is authorized. If email is coming from an unauthorized sender, the emails will be marked as spam or moved to junk.

How does SPF work

Connection over the Internet use DNS (Domain Name System) to resolve Domain Name to the IP (Ipv4) Address . Each domain should contain MX (Mail Exchanger) in domain’s DNS Zone Record file.Th purposes of MX Record is to inform the sender email server where is the target mail server location.

SPF Job is to publish the reverse MX DNS records of the mail server , in other words SPF is like broadcasting information about the source mail server that send the mail from the domain,then the recipient mail server can check theses “published record by SPF” to insure that the incoming e-mail is coming from trusted sender or trusted domain.

SPF operates at the level of the SMTP transaction, and requires these information:

• The MAIL FROM: parameter of the incoming mail
• The HELO or EHLO parameter of the sending SMTP server (used for Mailer-Deamon bounces which send a blank MAIL FROM)
• The IP address of the sending SMTP server

SPF Record Syntax Example

lets try to explain the simple SPF record for domain exampledomain.com

The parts of the SPF record mean the following:

SPF Mechanisms

The bellow are an overview of SPF mechanism syntax  may include in the SPF record:

• “+”    Pass : The SPF record designates the host to be allowed to send , The Actions is accept
• “-”    Fail: The SPF record has designated the host as NOT being allowed to send, Intended  Action :reject
• “~”    SoftFail:The SPF record has designated the host as NOT being allowed to send but is in transition , Intended  Action :accept but mark
• “?”    Neutral:The SPF record specifies explicitly that nothing can be said about validity , Intended  Action :accept
• “all” mechanism:This mechanism always matches. It usually located at the end of the SPF record.
• “ip4” mechanism:An IPv4 network range. If no prefix-length is given, /32 is default.
• “ip6″ mechanism:An IPv6 network range. If no prefix-length is given, /128 is default
• “a” mechanism:All the A records for domain are tested. If the client IP is found among them, this mechanism matches.
• “mx” mechanism:All the A records for all the MX records for domain are tested in order of MX priority.
• “ptr” mechanis:The hostname or hostnames for the client IP are looked up using PTR queries.
• “exists” mechanism:Perform an A query on the provided domain. If a result is found, this constitutes a match. It doesn’t matter what the lookup result is
• “include” mechanism:The specified domain is searched for a match. If the lookup does not return a match or an error, processing proceeds to the next directive.
• “exp” modifier:If an SMTP receiver rejects a message, it can include an explanation.