Email

The Sender Policy Framework (SPF) prevents sender address forgery. It protects the envelope sender address, which is used for the delivery of messages. SPF allows the owner of a domain to publish a mail sending policy, such as which mail servers they use to send mail from their domain.

The objective is that other mail systems can check to make sure the server sending email from that domain is authorized to do so. It reduces the chance of email spoofing, phishing schemes and spam.

Example

example.com. TXT "v=spf1 mx a:pluto.example.com include:aspmx.googlemail.com -all"

Explanation

  • v=spf1 means SPF version 1
  • mx means the incoming mail servers (MXes) of the domain are authorized to send mail
  • a:pluto.example.com means that the machine pluto.example.com is authorized too
  • include:aspmx.googlemail.com means everything considered legitimate by gmail.com is legitimate for example.com too
  • -all means all other machines are not authorized

SPF and DKIM

Along with SPF, you should also add DKIM (DomainKeys Identified Mail).

SPF is a DNS text entry that lists the servers allowed to send mail for a specific domain. DKIM is a method to verify that the contents of a message are trustworthy, meaning that they weren't changed from the moment the message left the initial mail server.

DMARC (Domain-based Message Authentication, Reporting and Conformance) builds on SPF and DKIM by stating a clear policy. It also lets the domain owner set an address to which receivers can send reports with the statistics they gather about mail messages for that domain.

How Does it Work

Upon receipt of email, the receiving mail server fetches the message and the sender address. It then runs a TXT DNS query for the claimed domain's SPF entry. The SPF entry data is used to verify the sending server. If the check fails, a rejection message is given to the sending server.
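
As an added example (not part of the original page), the sketch below walks the check described above for the page's example record. The DNS answers are constructed in-memory tables using documentation address ranges, the included record is a stand-in rather than Google's real one, and `check_spf` is a hypothetical helper that covers only the mechanisms shown on this page.

```python
import ipaddress

# Constructed DNS data using documentation address ranges; a real check queries DNS.
TXT = {
    "example.com": "v=spf1 mx a:pluto.example.com include:aspmx.googlemail.com -all",
    # Constructed stand-in, not the record Google actually publishes.
    "aspmx.googlemail.com": "v=spf1 ip4:203.0.113.0/24 ~all",
}
MX = {"example.com": ["mail.example.com"]}
A = {"mail.example.com": ["192.0.2.10"], "pluto.example.com": ["192.0.2.20"]}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(ip, domain, depth=0):
    """Evaluate the connecting IP against the envelope sender domain's SPF record."""
    terms = TXT.get(domain, "").split()
    if terms[:1] != ["v=spf1"]:
        return "none"  # no SPF policy published
    if depth > 10:  # simplified loop guard; RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = ip in A.get(arg or domain, [])
        elif name == "mx":
            matched = any(ip in A.get(host, []) for host in MX.get(arg or domain, []))
        elif name == "include":
            sub = check_spf(ip, arg, depth + 1)
            if sub in ("none", "permerror"):
                return "permerror"  # broken include invalidates the whole policy
            matched = sub == "pass"  # fail/softfail/neutral just mean "no match"
        else:
            return "permerror"  # mechanism or modifier not handled in this sketch
        if matched:
            return QUALIFIERS[qualifier]  # first matching mechanism decides
    return "neutral"  # nothing matched and no "all" present


if __name__ == "__main__":
    for sender_ip in ("192.0.2.10", "192.0.2.20", "203.0.113.7", "198.51.100.99"):
        print(sender_ip, check_spf(sender_ip, "example.com"))
```

Only the last address ends in `fail`, which is the result that lets the receiving server reject the message; the `~all` inside the included record merely makes the include not match, and evaluation continues to `-all`.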

Types of E-Mail Abuse

  • Spammers want to avoid receiving non-delivery notifications (bounces) to their real addresses.

  • Fraudsters want to cover their tracks and remain anonymous.

  • Computer worms want to cause confusion or just don’t care about which sender addresses they use.

  • Phishers (password fishers) want to impersonate well-known, trusted identities in order to steal passwords from users.

Sender Addresses in E-Mail

Like traditional paper letters, e-mail messages have at least two kinds of sender addresses: one on the envelope and one in the letterhead.

The envelope sender address (return-path) is used during the transport of the message from mail server to mail server, for example to return the message to the sender in the case of a delivery failure. It is usually not displayed to the user by mail programs.

The header sender address of an e-mail message is contained in the "From" or "Sender" header and is what is displayed to the user by mail programs. Generally, mail servers do not care about the header sender address when delivering a message.