The document discusses Sender Policy Framework (SPF) as an email authentication method designed to prevent spam by allowing domain owners to publish authorized mail servers. It describes how SPF works in conjunction with DMARC and DKIM to verify the authenticity of emails and outlines the processes for establishing compliance with SPF policies. Additionally, it highlights the limitations of SPF, including issues related to email forwarding and the lack of validation for the 'from' header.

1. Sender Policy Framework
(SPF) An Email
AuthenticationTechnique

2. Table of Contents
2
Sender Policy Framework (SPF)
Email Authentication
The Way Email Authentication
Works
Standards of Email
Authentication
Compliance with SPF
Limitations of SPF

3.  SPF refers to a technique that is related to email-authentication. It has been designed to prevent
spammers from using one’s domain to send messages. SPF aids an enterprise in publishing
authorized mail servers. This along with the information related to DMARC, equips the
receiving system with information regarding the trustworthiness of an email’s origin. It is only in
combination with DMARC that SPF can come in handy for the detection of any forge related to
the visible sender of an email.
 SPF lets the recipient mail server verify, at the time of the delivery of the mail, that an email
which claims to have originated from a specific domain has been submitted by an IP address
that is authorized by the administrators of that domain. Authorized sending hosts’ and IP
addresses’ list for a domain are published and contained in the DNS records that are related to
that domain.
3
Sender Policy Framework (SPF)

4.  Email authentication refers to a collection of standardized techniques that provide verifiable
information related to an email message’s origin. It is an effective solution that helps to prove
that an email is not forged and ascertains that the email has been sent by the very sender from
whom it claims to have originated.
 Email authentication is used very frequently to prohibit harmful and/or fraudulent email
practices.
 In the context of emails, a certain number of free emails are always provided in all plans of web
hosting. Web hosting is a service provided by web hosting companies that enables a website to
remain up and running at all times. In web hosting, server space is leased to website owners, so
that they can store the files of their websites on it. The “Best Windows Hosting Company”,
“Top Cloud Hosting Company” and the “Best Website Hosting Company in 2021” are certain
terms that are frequently used to refer to web hosting companies that provide exceptional
quality of hosting.
4
Email Authentication

5.  There are various ways in which email authentication works. Here, information is being
provided on the general approach that is followed. A policy is established by an enterprise that
sends emails. This policy specifies the rules that will authenticate emails from the enterprise’s
domain name. The mail servers and other technical infrastructure of the email sender are
configured accordingly to publish and implement these rules. When the mail server receives an
email, it authenticates the received message by comparing details of the incoming email message
with the rules that have been predefined. The result of this authentication check decides how
the receiving mail server acts, which can either be the delivery of the message or its rejection
or even flagging of the message.
5
TheWay Email AuthenticationWorks

6. 6
1-800-123 -8156
Whoa!That’s a big number, aren’t
you proud?

7.  Email authentication relies on certain standardized technical solutions. These standards for
email authentication are DKIM (DomainKeys Identified Mail), SPF (Sender Policy Framework)
and DMARC (Domain-based Message Authentication, Reporting and Conformance).
 To mention these briefly, an encryption key and a digital signature are provided by DKIM to
verify the authenticity of an email message and ascertain that it was neither fake nor altered.
SPF lets senders define the IP addresses that are allowed to send mail for a particular domain. It
is DMARC that unites the two above-mentioned authentication mechanisms (DKIM and SPF)
into a common framework. It enables domain owners to specify the way in which an email will
be handled which is from that domain and has failed an authorization test.
7
Standards of Email Authentication

8. Compliance with SPF entails the following tasks:
 Publishing a Policy
 Those machines are identified by the domains and hosts that are authorized to send mail. This is accomplished
by adding additional records to the DNS information that exists. Every host or domain name which has an A
record or MX record should have an SPF record. If a policy is used, it is this SPF record that specifies the policy
either in the address of an email or as HELO/EHLO argument.
Checking and using SPF Information
 The SPF information is interpreted by the receivers, as per the specifications. Next, the receivers act on the
result.
Revising Mail Forwarding
 Since SPF doesn’t allow plain mail forwarding, there are alternatives to it.These are mentioned below-
 Remailing- In it the original sender is replaced with one that belongs to the local domain.
 Refusing.
 Allow listing on the target server- This ensures that a forwarded message will not be refused.
 Sender Rewriting Scheme- This is a complicated mechanism. It handles the routing of non-delivery notifications
to the original sender. 8
Compliance with SPF

9.  Despite being an effective technique that adds authentication to emails, SPF has certain
limitations. There has to be awareness about these limitations as well. These are mentioned
below, in no particular order-
 The “From” header is not validated by SPF. It is shown in most clients and appears as the actual
sender of a message. The “header from” is not validated by SPF. It uses the “envelope from” to
ascertain the sending domain.
 In the event that an email is forwarded, SPF will break. At this juncture it is the ‘forwarder’ that
assumes the role of the new ‘sender’ of the message. This fails the SPF checks that are
performed by the new destination.
 A lack of reporting with regard to SPF, renders maintaining it difficult.
9
Limitations of SPF

10. 10
Thanks!
ANY QUESTIONS?
www.htshosting.org
www.htshosting.org/best-web-hosting-company-India
www.htshosting.org/best-windows-hosting
www.htshosting.org/best-cloud-hosting-company