How to Describe SPF in Simple Terms
Announcement by Employee - 10/8/2019 at 8:10 AM
Email authentication can be technical and confusing. Even security professionals need help explaining it in simple terms to colleagues.

It's important to understand where email messages are vulnerable. Every message carries two sender addresses. One is the return path (the SMTP envelope sender, the MAIL FROM address), which the end user never sees. The other is the From address that appears in the visible part of the email.

The return path tells mail servers where to send a bounce if the message can't be delivered. It is supplied during the SMTP conversation rather than in the visible message, and the receiving server normally records it in a hidden Return-Path header. That header sits alongside the other message headers, which carry technical details such as which servers handled the message, who it is addressed to and what software composed it.

Both addresses can be spoofed by criminals and spammers. Email authentication exists to combat this spoofing.

Sender Policy Framework (SPF) is an email authentication protocol. It lets the owner of a domain specify which mail servers are allowed to send email for that domain. The owner publishes an SPF record as a TXT record in DNS. The record lists the IP addresses (or hostnames that resolve to them) permitted to send email on the domain's behalf.

Receiving mail servers check SPF by looking up the SPF record of the domain in the return path and comparing the connecting IP address against it. If the IP address delivering the message isn't authorized by that record, the message fails SPF authentication.

A domain protected by SPF is a less attractive target for phishers. Its legitimate mail is also less likely to end up on a spam blacklist.

SPF has several limitations. Keeping the record up to date is difficult because domain owners often lack visibility into every service that sends mail on their behalf. A message that fails SPF can still land in the user's inbox, since the receiving server decides what to do with the result. SPF breaks when a message is forwarded, because the forwarding server's IP address isn't in the original sender's record. Finally, it does nothing to stop spoofing of the visible From address, because only the return-path domain is checked.

For these reasons, SPF should be deployed together with DKIM and DMARC for the greatest effect.

To see recommended spam settings in SmarterMail, please see this knowledge base article:
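The SPF check described in the post above, as an added worked example (this is illustrative code, not SmarterMail's code and not a complete RFC 7208 implementation): a small Python evaluator that takes the return-path domain, looks up its SPF record in a constructed in-memory DNS table, and walks the mechanisms ip4, ip6, a, mx, include and all with their qualifiers. All domains, addresses and records are constructed from documentation ranges; the `authenticate` helper is an assumption added to show the domain-alignment check that DMARC layers on top of SPF. The usage block demonstrates two of the limitations listed above: a forwarder's IP fails the original sender's record, and a phisher who controls their own domain passes SPF while spoofing the visible From.

```python
"""Minimal SPF (RFC 7208) evaluator over a constructed, in-memory DNS table."""
import ipaddress

# Constructed DNS table for offline use (RFC 5737 documentation ranges and
# reserved .example names). A real implementation would query DNS instead.
DNS = {
    "TXT": {
        "example.com": "v=spf1 ip4:192.0.2.0/24 a:mail.example.com "
                       "include:_spf.bulkmailer.example -all",
        "_spf.bulkmailer.example": "v=spf1 ip4:198.51.100.0/25 ~all",
        "softfail.example": "v=spf1 mx ~all",
        "phisher.example": "v=spf1 ip4:203.0.113.99 -all",
    },
    "A": {
        "mail.example.com": ["192.0.2.10", "203.0.113.7"],
        "mx1.softfail.example": ["203.0.113.25"],
    },
    "MX": {"softfail.example": ["mx1.softfail.example"]},
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def domain_of(address):
    """Return the domain part of an e-mail address, lower-cased."""
    return address.rsplit("@", 1)[-1].lower()


def in_network(ip, spec, host_bits):
    """True if ip falls inside spec, written as 'addr' or 'addr/len'."""
    if "/" not in spec:
        spec = f"{spec}/{host_bits}"
    try:
        return ip in ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return False  # malformed spec: no match


def host_matches(ip, host):
    """True if ip is one of host's A records (used by the 'a' and 'mx' mechanisms)."""
    return any(ip == ipaddress.ip_address(a) for a in DNS["A"].get(host, []))


def check_spf(client_ip, mail_from, depth=0):
    """Evaluate the SPF policy of the envelope sender's domain against the
    connecting IP. Returns pass, fail, softfail, neutral, none or permerror."""
    ip = ipaddress.ip_address(client_ip)
    domain = domain_of(mail_from)
    record = DNS["TXT"].get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"            # the domain publishes no SPF policy
    if depth > 10:
        return "permerror"       # runaway include chain
    for term in record.split()[1:]:
        if "=" in term:
            continue             # modifiers (redirect=, exp=) are not handled here
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.lower().partition(":")
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = in_network(ip, arg, 32)
        elif mech == "ip6":
            matched = in_network(ip, arg, 128)
        elif mech == "a":
            matched = host_matches(ip, arg or domain)
        elif mech == "mx":
            matched = any(host_matches(ip, mx) for mx in DNS["MX"].get(arg or domain, []))
        elif mech == "include":
            inner = check_spf(client_ip, "postmaster@" + arg, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"   # RFC 7208 section 5.2
            matched = inner == "pass"
        else:
            return "permerror"       # unknown mechanism
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                 # nothing matched and no 'all' term


def authenticate(client_ip, mail_from, header_from):
    """SPF result plus whether the checked domain aligns with the visible From
    (a constructed helper; this alignment test is what DMARC adds, not part of SPF)."""
    return {
        "spf": check_spf(client_ip, mail_from),
        "aligned": domain_of(mail_from) == domain_of(header_from),
    }


if __name__ == "__main__":
    # Legitimate mail from a listed server, delivered directly.
    print(authenticate("192.0.2.55", "bounce@example.com", "ceo@example.com"))
    # The same message relayed by a forwarder whose IP is not in the record.
    print(authenticate("203.0.113.99", "bounce@example.com", "ceo@example.com"))
    # Phisher: passes SPF for their own domain and spoofs only the visible From.
    print(authenticate("203.0.113.99", "bounce@phisher.example", "ceo@example.com"))
```

Note that `check_spf` never sees the header From at all; the phishing case returns `pass` with `aligned` false, which is exactly the gap that DMARC's alignment requirement closes.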
