Thomas Hajdukowicz

Sender Policy Framework (SPF) is an e-mail validation system designed for preventing e-mail spam by detecting e-mail spoofing, a common vulnerability and threat by verifying the sender’s IP addresses. SPF allows the administrators to specify which the hosts allowed to send mail from a given domain by creating a particular SPF record in the Domain Name System. Mail exchangers use the DNS for checking that whether the mail from a given record domain is being sent by a host sanctioned by that particular domain’s administrators.

How to handle SPF

When a domain publishes an SPF record, spammers are less likely to forge e-mails pretending to be from that domain and the reason for this being that the forged e-mails are more likely to be caught by the spam filters which continuously check the SPF record. Hence, an SPF protected domain is much less attractive to the spammers. Because of an SPF protected domain is less attractive as being a spoofed address, it is less likely to get blacklisted by the spam filters and so the e-mail being sent is more likely to get through.

Compliance with SPF consists of three interrelated tasks. The first task is to Publish a policy. Domains and hosts identify the machines which are authorized to send e-mails on their behalf. This is done by them by adding additional records to their existing DNS information; every domain name or host that has a record must have an SPF record, specifying the policy whether it is used as HELO argument or an e-mail record. Validating the SPF record is recommended highly and can be done through testing tools provided on the SPF Project webpage.

The next task is to Check and use SPF information. Receivers use ordinary DNS queries, which are cached to enhance the performance and then interpret the SPF information as per specified, hence acting on the result. The next task is to Revise mail forwarding. Plain mail forwarding is not allowed by Sender Policy Framework. The alternatives in this case are: Re-mailing, i.e. replacing the original sender with the one belonging to the local domain, Refusing,White listing, so that it will not refuse a forwarded message and Sender Rewriting Scheme, a complicated mechanism that handles routing non-deliver notifications to the original sender.

SPF has many potential advantages beyond helping to identify the unwanted mail. If a sender provides the SPF information, then the receivers can use SPF PASS results in combination with a white list to identify the known reliable sender.

[ Posted Thu, 13 Mar 2014 13:28:27 ]