Sender Policy Framework

Use Feedback methods from SPF and other email authentication technologies

An effective SPF deployment is accurate and complete. Verifying the quality of SPF deployment was historically challenging.

The earliest approach was to use SPF macros to enable information about SPF checks to be captured in DNS logs. This was one of the earliest SPF records published:

altavista.net. 7200 IN TXT "v=spf1 +exists:CL.%{i}.FR.%{s}.HE.%{h}.null.spf.altavista.com -all"

This specific approach is discussed in RFC 7208 Appendix C.

A dedicated feedback report mechanism was introduced in RFC 6652. This allows receivers to use email feedback reports (as defined in RFC 5965) to report SPF failures.

More recently, DMARC, which supports integrated assessment of both SPF and DKIM provides methods to report both individual authentication failures or periodic summaries of the authentication status of email recieved. DMARC has been deployed by many of the largest mailbox providers like Yahoo! and Google. This is a substantial step forward to provide a reliable method to answer the long standing question of "How do I test my SPF record". The initial DMARC specification has been published as RFC 7489.