- A method of authenticating email by verifying sender IP addresses in order to prevent spam.
SPF is a system designed to address a security gap in SMTP, the main protocol used to send email, which provides no built-in verification of the sender. Using SMTP, email spammers can change the source address of emails at will and therefore avoid detection by spam filters. Phishing scams work much the same way, with the sender address changed to appear as if the message had originated from a legitimate sender. Cybercriminals usually copy the brand look and feel of banks, social networks and other well-known entities to entice recipients into clicking through to fraudulent websites where user information like passwords or account numbers can be stolen.
To prevent such email spoofing, SPF uses Domain Name System (DNS) records to allow Internet domain owners to specify which computers are approved to use sender addresses in that particular domain when sending mail. Receivers reviewing SPF records can then reject messages from unauthorized senders. If such a rejection takes place, the unauthorized client may receive a rejection message. Where a Message Transfer Agent is involved, a bounce message would be generated.
Implementing SPF is highly encouraged as a part of email marketing best practice, as receivers can use SPF PASS results together with white lists to prevent spam. Cybercriminals are less likely to use email domains that implement SPF in their phishing scams, as these emails are likely to be caught in spam filters. Other email marketing best practices include implementing DKIM and DMARC recommendations.