extension of SMTP which stops email spammers from forging the "From"
fields in an e-mail. Due to SMTP itself does not have the mechanism to
authenticate, SPF provides the authentication scheme by specifying which
computers are authorized to send email from a specific domain.
use SPF, the domain sending e-mails must establish an SPF record that
is published in DNS records. When e-mail passes through the DNS server,
it is compared to the SPF record for that domain to determine if the
sender is authorized to send e-mails from that sender's address. If the
e-mail comes from a domain that is not authorized, the DNS server will
not forward the e-mail to the expected destination.
only stops the spammer from forging the "From" field in the e-mail and
does not stop the spammer from sending e-mails from a domain in which it
is a member.
To use SPF, the following standard have been declared.
domain.com. IN TXT "v=spf1 a mx -all"
From the rules, v stand for the version of SPF and currently available for spf1(version 1) only.
Eight mechanisms are defined:
- ALL - Matches, used default result like -all
- A - A record that can be reach.
- IPv4 - IPv4 address range.
- IPv6 - IPv6 address range.
- MX - Mail Exchange record match.
- PTR - Reverse DNS (Record).
- EXISTS - If the given domain name resolves to other name.
- INCLUDE - Include policy.