Definition

Sender Policy Framework (SPF) is "the standardized way for a sending domain to identify and assert the mail senders for a given domain."[1]

Overview

"SPF was designed to address phishing and spam being sent by unauthorized senders (i.e. botnets). SPF does not stop all spam, in that spam email being sent from a domain that asserts its sending MTAs via an SPF record will pass all SPF checks. That is, a spammer can send email from a domain that the spammer controls, and that email will not result in a failed SPF check. SPF checks fail when mail is received from a sending MTA other than those listed as approved senders for a purported domain. For example, an infected botnet of hosts in an enterprise may be sending spam on its own (i.e. not through the enterprise's outgoing SMTP server), but those spam messages would be detected as the infected hosts would not be listed as valid senders for the enterprise domain, and would fail SPF checks."[2]

References

  1. NIST Special Publication 800-177, at vi.
  2. Id. at 23.
