Sender Policy Framework

SPF – Sender Policy Framework

We have has some queries recently from users about Sender Policy Framework (SPF). What is SPF – is an open standard specifying a technical method to prevent sender address forgery. In computing, Sender Policy Framework (SPF) allows software to identify messages that are or are not authorized to use the domain name in the SMTP HELO and MAIL FROM (Return-Path) commands, based on information published in a sender policy of the domain owner.
Most people have experienced some abuse of an e-mail address e.g. when you received an error message saying that a message allegedly sent by you could not be delivered to the recipient, although you never sent a message to that address.
Sender address forgery is a threat to users and companies alike, and it even undermines the e-mail medium as a whole because it erodes people’s confidence in its reliability. That is why your bank never sends you information about your account by e-mail and keeps making a point of that fact.

Common Types of E-Mail Abuse where the Sender Address is Forged

  • Spammers want to avoid receiving non-delivery notifications (bounces) to their real addresses.
  • Fraudsters want to cover their tracks and remain anonymous.
  • Computer worms want to cause confusion or just don’t care about which sender addresses they use.
  • Phishers (password fishers) want to impersonate well-known, trusted identities in order to steal passwords from users.

SPF is something that there is mixed opinions about, if you would like to discuss SPF with one of our technical team please contact spamtitan@titanhq.com.