SPF authentication

Sender Policy Framework


Definition: What is SPF? (Sender Policy Framework)

This sender authentication technique is extremely easy to implement. The principle is simple: the sender's domain is extracted from the "MAIL FROM:" of the SMTP message envelope (not from the "From:" field in the header), a TXT-type DNS query is performed on that domain to obtain the list of mail servers authorized to send e-mail for it, and that list is compared with the IP address of the server sending the message.

Unfortunately, this technology has a problem with email forwarding: in that case, the sending server is not necessarily the mail server of the original sender of the email. In addition, when setting up SPF you need to be exhaustive and list every sending server, otherwise mail from an unlisted server will not comply with the SPF rule. In some architectures, it is even preferable not to publish an SPF record at all, rather than run the risk of not respecting it! To be sure, you can check the complete list of your sending servers via DnsLookup.fr (see #15 of http://dnslookup.fr/faq.php).

Example

The presence of the following TXT record: domain.tld IN TXT "v=spf1 mx ~all" is sufficient, for example, to declare that a domain's sending servers are its MX servers.

To authorize a single IP address, use the syntax: "v=spf1 ip4:192.168.0.1/32 ~all".
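The check described above, as an added example that is not part of the original article: a minimal Python evaluator for the mx, ip4 and all mechanisms used in the records shown here, run against constructed DNS data (example.org, its MX host and the documentation-range addresses are assumptions). The last call in the demo shows the forwarding problem: a relay that the record does not list ends in softfail under ~all.

```python
import ipaddress

# Constructed DNS data (documentation-range names and addresses) so the example runs offline.
TXT = {"example.org": "v=spf1 mx ip4:198.51.100.25/32 ~all"}
MX = {"example.org": ["mx1.example.org"]}
A = {"mx1.example.org": ["192.0.2.10"]}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def envelope_domain(mail_from):
    """Domain of the SMTP envelope sender (MAIL FROM), not the From: header."""
    return mail_from.strip("<>").rpartition("@")[2].lower()


def check_spf(client_ip, mail_from):
    """Evaluate mx, ip4 and all terms left to right; the first match decides."""
    domain = envelope_domain(mail_from)
    terms = TXT.get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"  # no SPF policy published for this domain
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "mx":
            hosts = MX.get(arg or domain, [])
            matched = any(client_ip in A.get(h, []) for h in hosts)
        else:
            raise ValueError(f"mechanism not covered by this sketch: {term}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term


if __name__ == "__main__":
    print(check_spf("192.0.2.10", "<alice@example.org>"))     # sent from the MX host
    print(check_spf("198.51.100.25", "<alice@example.org>"))  # sent from the listed ip4
    print(check_spf("203.0.113.7", "<alice@example.org>"))    # forwarded by an unlisted relay
```
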
