Sender Policy Framework

Best Practices/SMTP Authentication

Combine a strict SPF policy with authenticated SMTP.

You can create a strict SPF policy, and still allow end users to send authenticated mail from your domain using their home or travel ISP. Authenticated SMTP has had limited deployment until now, but SPF provides a compelling reason to adopt it. Many ISPs block outgoing port 25, but end users can still relay mail that passes a strict SPF policy using the MSA port 587 with authenticated SMTP (SMTP AUTH). RFC 5068 recommends this as a "Best Current Practice".

Multi-domain SMTP server considerations.

If the server is used by multiple domains not under common administrative management, then SMTP Auth user IDs must be tied to specific e-mail addresses in order to limit the risk of cross user forgery.

Unless noted otherwise, all content on this website is dual-licensed under the GNU GPL v2 and the Creative Commons CC BY-SA 2.5.
The openspf.org domain name was donated by James Couzens, and related domain names by John Pinkerton. Thanks!

Sender Policy Framework

Best Practices/SMTP Authentication

Combine a strict SPF policy with authenticated SMTP.

Multi-domain SMTP server considerations.

The SPF Project

Documentation

Support