The IT Law Wiki
Don't have an account?
Register
Advertisement
Register
in: Definition, Standards, E-mail

Sender Policy Framework

Edit

Definition[]

Sender Policy Framework (SPF) is "the standardized way for a sending domain to identify and assert the mail senders for a given domain."[1]

Overview[]

"SPF was designed to address phishing and spam being sent by unauthorized senders (i.e. botnets). SPF does not stop all spam, in that spam email being sent from a domain that asserts its sending MTAs via an SPF record will pass all SPF checks. That is, a spammer can send email from a domain that the spammer controls, and that email will not be result in an failed SPF check. SPF checks fail when mail is received from a sending MTA other than those listed as approved senders for a purported domain. For example, an infected botnet of hosts in an enterprise may be sending spam on its own (i.e. not through the enterprises outgoing SMTP server), but those spam messages would be detected as the infected hosts would not be listed as valid senders for the enterprise domain, and would fail SPF checks."[2]

References[]

  1. NIST Special Publication 800-177, at vi.
  2. Id. at 23.
Community content is available under CC-BY-SA unless otherwise noted.
Advertisement