What is SPF?

If you ask out of context, most people might say something about sunscreen. But it's not, in this case. SPF is part of the tripartite toolkit that consists of DMARC, DKIM and SPF - all of which ensure better email security.

What is SPF?

SPF stands for Sender Policy Framework and is part of the email validation that takes place in the email server itself. SPF is designed to prevent hackers and others from spamming emails from your email address. SPF helps validate your email domain name so recipients know that your domain name is legitimate and not a hacker impersonating you.

SPF, like DMARC, uses a DNS (Domain Name Service) to validate email addresses. This gives you the ability to specify which email server may send mail on behalf of your email address. The SPF contains host name and IP address information - for domain name verification (and possibly spam interception).

How does it work?

As already mentioned, the SPF uses a DNS to authenticate email addresses. It does so, because it can recognise IP addresses and hostnames, and thus verify whether a domain name is legitimate or not. SPF specifies servers and domains that are authorised to send emails.

The email server that receives the email from your domain name then knows that your domain name is approved by your SPF, and thus works with the recipient's SPF, DKIM or DMARC to establish a secure connection and authentication between the parties.

If an SPF is not authenticated or fails, then the recipient will not receive the email address because it will be listed as suspicious - if it is not authenticated, then it is because the domain name isn't authenticated. It also means that the SPF, DKIM and DMARC have caught a possible spammer.

SPF restrictions

While SPF is a good way to secure your email domain name, there are also some margins of error with it - which is also why it doesn't work alone, but with DKIM and DMARC. SPF does check outgoing and incoming mail and authorizes it, but it can't do the job on forwarded mail. Therefore, you cannot be sure that if you forward an e-mail to, say, a colleague, your e-mail will not end up in their spam filter because SPF cannot process the forward. Here it is also an advantage to have DKIM installed, as it can catch any forwarded spam.

SPF prevents spammers and hackers from sending phishing emails and spoofing. However, many spammers have started to reformat only the sender and subject that the recipient can see - as opposed to only the MTA (Message Transfer Agent) intercepting it.

However, SPF (and DKIM) can work with DMARC and check the sender and subject fields for possible reformatting, this is also called "identifier alignment".

Further use of SPF

SPF is further implemented in anti-spam software, which is used on several different messaging platforms; it is not only in e-mails that SPF can catch spam.

There are many MTAs (Mail Transfer Agents) that support SPF - and MTA is a messaging software that transfers electronic messages (usually emails) from a computer or other device. All this takes place on the web, which hackers can of course infiltrate with enough hard work. That's why tools like DMARC, DKIM and SPF exist to ensure more secure communication between parties.

Other places where SPF is useful are on websites where messaging services are also offered, such as Trustpilot, Messenger, MySpace etc.). It is used on those sites because SPF verifies domain names, and therefore also the sender address.

Summary

The most important thing to take away from this post is that SPF does not work alone - it is part of a triad consisting of DMARC, DKIM and SPF. If they work alone, it is not the most optimal work they are doing - therefore they need to work together, and therefore ensure that you and your email address are safe from spam and hackers impersonating you.

Now that you know the mechanism that's behind your email, it'll hopefully optimise your awareness training.