It’s important to understand the vulnerabilities of email messages. They contain two from addresses:
- The first is the Return Path, which appears in the header of each message and is obscured to email recipients. The Return Path tells mail servers where to return the message if it isn't deliverable.
- The other is the From address that appears in the visible part of the email. It's also the address used when an email recipient replies to a message.
Both from addresses can be spoofed by spammers. Thankfully, when configured properly, email authentication combats this spoofing. The Sender Policy Framework (SPF) is one way to authenticate the sender of a message.
SFP is an email authentication protocol that allows the owner of a domain to specify which mail server IPs they use to send email for a given domain. By creating an SPF record and adding it to a domain's DNS, receiving mail servers know which IP addresses can send email on behalf of the domains sending emails to them.
Receiving mail servers verify the SPF record by looking up the domain name listed in the return path. The message fails SPF authentication if the IP address sending the email isn’t listed in the SPF record.
One problem with SPF is that keeping the records updated is difficult due to lack of visibility. Another is that even if a message fails SPF it could still end up in the user's inbox. It also breaks when forwarding an email. Finally, it won't prevent people from spoofing the visible From address on an email.
For these reasons, SPF needs DKIM and DMARC in place along with it for greatest effectiveness.
For more information about SPF, as well as DKIM and DMARC, please see our blog post: Understanding SPF, DKIM and DMARC. Here you'll find details of the actual records and an in-depth description of each piece of an SPF, DKIM and DMARC record, as well as resources that can help you create and analyze each record type.