Sender Policy Framework

FAQ/What it does

What does SPF actually DO?

Suppose a spammer forges a hotmail.com address and tries to spam you.

They connect from somewhere other than Hotmail.

When his message is sent, you see MAIL FROM: <forged_address@hotmail.com>, but you don't have to take his word for it. You can ask Hotmail if the IP address comes from their network.

(In this example) Hotmail publishes an SPF record. That record tells you (your computer) how to find out if the sending machine is allowed to send mail from Hotmail.

If Hotmail says they recognize the sending machine, it passes, and you can assume the sender is who they say they are. If the message fails SPF tests, it's a forgery. That's how you can tell it's probably a spammer.

Unless noted otherwise, all content on this website is dual-licensed under the GNU GPL v2 and the Creative Commons CC BY-SA 2.5.
The openspf.org domain name was donated by James Couzens, and related domain names by John Pinkerton. Thanks!

Sender Policy Framework

FAQ/What it does

What does SPF actually DO?

The SPF Project

Documentation

Support