• ProgIST CyberSec Division

What is SPF & it's best practices?


What is SPF?


The Sender Policy Framework (SPF) is an email-authentication technique which defines a way to validate whether an email was sent from an authorized mail server in order to prevent spam. SPF allows the receiving mail server to check whether a mail claiming to come from a specific domain is submitted by an IP address authorized by that domain's administrators. Together with the DMARC related information, this gives the receiver (or receiving systems) information on how trustworthy the origin of an email is. The list of authorized sending hosts and IP addresses for a domain is published in the DNS (Domain Name Service) records for that domain.


What does SPF DO?


Suppose a spammer forges a hotmail.com address and tries to spam you. They connect from somewhere other than Hotmail. When his message is sent, you see MAIL FROM: , but you don't have to take his word for it. You can ask Hotmail if the IP address comes from their network. (In this example) Hotmail publishes an SPF record. That record tells you (your computer) how to find out if the sending machine is allowed to send mail from Hotmail. If Hotmail says they recognize the sending machine, it passes, and you can assume the sender is who they say they are. If the message fails SPF tests, it's a forgery. That's how you can tell it's probably a spammer.



What are the best practices for SPF?


DNS lookup for SPF record should not exceed 10 DNS lookup. If you have more than ten lookups in your record, a permanent error could be returned during the SPF authentication process. DMARC treats that as fail since it's a permanent error, and all SPF permanent errors are interpreted as fail by DMARC.

SPF was the first email authentication scheme to achieve widespread adoption, but it’s not the only one out there. SPF authentication is most effective when deployed in combination with other anti-fraud techniques such as DMARC.

  • LinkedIn
  • Twitter
  • Facebook

© 2020 by Progist.