An extension of SMTP which stops email spammers from forging the "From" fields in an e-mail. Due to SMTP itself does not have the mechanism to authenticate, SPF provides the authentication scheme by specifying which computers are authorized to send email from a specific domain.
To use SPF, the domain sending e-mails must establish an SPF record that is published in DNS records. When e-mail passes through the DNS server, it is compared to the SPF record for that domain to determine if the sender is authorized to send e-mails from that sender's address. If the e-mail comes from a domain that is not authorized, the DNS server will not forward the e-mail to the expected destination.
SPF only stops the spammer from forging the "From" field in the e-mail and does not stop the spammer from sending e-mails from a domain in which it is a member.
To use SPF, the following standard have been declared.
domain.com. IN TXT "v=spf1 include:spf.mschosting.com -all"
From the rules, v stand for the version of SPF and currently available for spf1(version 1) only.
Eight mechanisms are defined:
- ALL - Matches, used default result like -all
- A - A record that can be reach.
- IPv4 - IPv4 address range.
- IPv6 - IPv6 address range.
- MX - Mail Exchange record match.
- PTR - Reverse DNS (Record).
- EXISTS - If the given domain name resolves to other name.
- INCLUDE - Include policy.