This entry is part 1 of 2 in the series Nutshells

In this article, I shall explain how Sender Policy Framework (SPF) works, its benefit & and a real-life example.

Idea:
With SPF, we could check if the received  E-Mail is from the legitimate IP Address & defend against E-mail spoofing. SPF could be implemented to enhance E-Mail security in general.

Procedure:
1. The sender of the E-Mail would advertise the IP addresses of the servers that are allowed to send E-Mails for his/her domain. The IP addresses are published in form of SPF records. SPF record is generally a DNS text record with a particular format
2. Upon receiving an E-Mail, the receiver will perform a DNS lookup to check whether a SPF record for the sending domain exists
3. If the SPF record exists, then the receiving Mail Gateway will further check if the IP Address that is sending this E-Mail is listed as a permitted sender in the SPF record or not
4. If the sending mail gateway’s IP address is listed as permitted sender, then the E-Mail is accepted else (normally) rejected

Real Life Example:
I am very pleased to announce that, the Trybe Team is using the SPF feature!
In the following image, you could see that an E-Mail received by my Gmail account from Trybe team has passed the SPF check. 🙂
In plain words, it means that the Gmail’s mail gateway performed SPF check on this E-mail & confirmed that the IP address 168.245.74.224 is a permitted sender listed in the SPF records of Trybe team.

 

E-mail from Trybe Team passed the SPF check


Conclusion:

SPF is a very simple and easy to implement technique. Most of the DNS resolvers are compatible and support SPF records.
The drawback of the SPF, it that does not ensure E-Mail integrity.

I hope you find this helpful!  Please feel free to provide your suggestion or opinions.
Thanks 🙂


This Article has Earned 400 Tokens.
Total Reviews: 2, Average Rating: 5 out of 5
Your Reviews Today : 0 of 21 (resets every 24hrs CET)

Discussions

Reviews

Login Message Here!

Average Review Rating

5 / 5

No more reviews to load.